With samba4 git f8425b73. According to this article http://support.microsoft.com/default.aspx?scid=kb;en-us;828760 If GPO permission between ones in the AD and the other in the FS are not coherent then Group policy management should propose you to modify the latter to correct this problem. Running this tool with the domain administrator give just this message "The permissions for this GPO in the SYSVOL folder are inconsistent with those in Active Directory. It is recommended that these permissions be consistent. Contact an administrator who has rights to modify security on this GPO." Which means that we do not have enough rights, the security descriptor state of course the opposite: O:DOMAIN_SID-512G:S-1-5-2 1-3382745771-3108645516-1830732068-512D:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DOMAIN_SID-512(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;CIID;RPWPCRCCLCLORCWOWDSDSW;;;BA)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DOMAIN_SID-519)(A;CIID;LC;;;RU)(A;CIIOID;RPWPCCDCLCLORCWOWDSDDTSW;;;CO)S:(OU;CIIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIDSA;WP;f30e3 bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
Is this working now?
No still have the message: The permissions for this GPO in the SYSVOL folder are inconsistent with those in Active Directory. It is recommended that these permissions be consistent. Contact an administrator who has rights to modify security on this GPO. When we should receive this one: The permissions for this GPO in the SYSVOL folder are inconsistent with those in Active Directory. It is recommended that these permissions be consistent. To change the permissions in SYSVOL to those in Active Directory, click OK Note that it's like this since the beginning of S4, it's not a regression.
The changeset 56b754e09ad5cd926e1dd0747252b7c359294938 fix this problem.