A newly delegated right, but more importantly the removal of a delegated right, would not be inherited on any DC other than the one where the change was made.If samba is set with "log level = 3" then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange.Samba 4.9 introduced an off-by-default feature to tombstone dynamically created DNS records that had reached their expiry time. This feature is controlled by the smb.conf option: dns zone scavenging = yes