From: Bob Campbell <bobcampbell@catalyst.net.nz>
Date: Wed, 29 Jun 2016 22:40:51 +0000 (+1200)
Subject: provision_fill: move GPO into transaction
X-Git-Tag: tdb-1.3.10~481
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c76b0090ae03d2fabc500b03eb8d7076d6af762b;p=thirdparty%2Fsamba.git

provision_fill: move GPO into transaction

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
---

diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 940bb1b4e02..ce7506addb6 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1781,6 +1781,11 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
                        dom_for_fun_level=dom_for_fun_level, am_rodc=am_rodc,
                        next_rid=next_rid, dc_rid=dc_rid)
 
+        # Set up group policies (domain policy and domain controller
+        # policy)
+        if serverrole == "active directory domain controller":
+            create_default_gpo(paths.sysvol, names.dnsdomain, policyguid,
+                               policyguid_dc)
     except:
         samdb.transaction_cancel()
         raise
@@ -1788,11 +1793,8 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
         samdb.transaction_commit()
 
     if serverrole == "active directory domain controller":
-
-        # Set up group policies (domain policy and domain controller
-        # policy)
-        create_default_gpo(paths.sysvol, names.dnsdomain, policyguid,
-                           policyguid_dc)
+        # Continue setting up sysvol for GPO. This appears to require being
+        # outside a transaction.
         if not skip_sysvolacl:
             setsysvolacl(samdb, paths.netlogon, paths.sysvol, paths.root_uid,
                          paths.root_gid, names.domainsid, names.dnsdomain,