My Favorites


Please to see your favorites.

Group Policy operations fail due to sysvol MSDFS referral link pointing to wrong path in ADC.

This document (7009466) is provided subject to the disclaimer at the end of this document.


Domain Services for Windows
Novell Open Enterprise Server 2 Support Pack 3
Novell Open Enterprise Server 11
SUSE Linux Enterprise Server 10 Service Pack 4


After the installation of Samba version 3.0.36-, the execution of the login scripts and GPO's fails when the workstation connects to an ADC during the login process.
The issue only occurs in environments having DSfW Additional Domain Controllers.

When the "gpupdate /force" command is executed on a workstation the following error message is being returned.
Error: Group policies path was not found in the specified location

When the DSfW Additional Domain Controller is affected by the issue, when accessing \\domain.com\sysvol from a workstation the following directory structure is displayed:
- Policies
- scripts
- sysvol

When the DSfW Additional Domain Controller is not affected, the following directory structure is displayed while accessing \\domain.com\sysvol from a workstation.

In this case \\domain.com\sysvol\domain.com contains the following directory structure:
- Policies
- scripts
- sysvol


The Additional Information section contains a script which can be used to correct the issue.

Verify the Sysvol DFS referral links in the following location by running the ls -l command on the DSfW Additional Domain Controller.

Prior to the execution of the updateDFSlink.sh script, the symbolic link looks as follows:
ls -l /var/opt/novell/xad/msdfs

This is also how the symbolic link should look when an earlier version of samba is installed.
The updateDFSlink.sh script should only be used in combination with samba-3.0.36- or newer.

Use the updateDFSlink.sh script to modify the symbolic link on each  DSfW Additional Domain Controller.

Steps to apply:
Copy the script to /tmp/
chmod 700 /tmp/updateDFSlink.sh

After the execution of the script, the symbolic link should look as follows:
ls -l /var/opt/novell/xad/msdfs


Reported to Engineering

Additional Information

Contact Novell Support and reference this TID for the updateDFSlink.sh or create the script by copying and pasting the below information.


    Message=`echo "$*"`;
    echo "$Message";

    RootDomain=$(/opt/novell/xad/share/dcinit/printConfigKey.pl "Root Domain" 2> /dev/null);
    LinkFile=$(ls /var/opt/novell/xad/msdfs/ 2>/dev/null);
    if [ "$RootDomain" = "$LinkFile" ]
            Log "Link File present, proceeding with modify";
            LinkValue=$(ls -l /var/opt/novell/xad/msdfs/$LinkFile | awk -F"-> " '{print $2}' 2>/dev/null);
        if [ $LinkValue = "" ]
               Log "Unable deduce the link value for $LinkFile";
               exit 1;
           Log "Current Link value $LinkValue"

        Link1=$(echo $LinkValue | sed "s/msdfs\\\\${RootDomain},/msdfs,/i");
        NewLink=$(echo $Link1 | sed "s/sysvol\\\\${RootDomain}$/sysvol/i");
        Log "Setting the new link as -- $NewLink";
        cd /var/opt/novell/xad/msdfs/;
        rm $RootDomain;
        ln -sf $NewLink $RootDomain;
        cd - 2>&1 > /dev/null;
        LinkValue=$(ls -l /var/opt/novell/xad/msdfs/$LinkFile);
        Log "Active link is $LinkValue";
        chown -R administrator:"domain admins" /var/opt/novell/xad/msdfs/
        echo "Link Not present. Execute this script only on ADC"
        exit 1
        exit 0
main $@


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7009466
  • Creation Date:13-JUN-12
  • Modified Date:14-JUN-12
    • NovellOpen Enterprise Server

Did this document solve your problem? Provide Feedback