Lost all SMB permissions after Clear Config from Directory Services - Active Directory and rejoining

I need to uncheck the “Enable DNS Updates” on my Directory Services configuration. This is due to a TrueNAS interface being statically assigned and non-routable, but a DNS registration still being made for it.

I attempted to uncheck the box and save the configuration, however the Save button is not enabled.

I then created a backup, attempted to use the Clear Config button in the Directory Services configuration and then set up my Active Directory connection again. Even though the status is Healthy, all of my SMB ACLs are gone. They show up as ‘Group 0’ …

I rebooted my TrueNAS host after re-adding the Active Directory configuration, however, things are still broken. I needed to restore my configuration from backup to get things running again.

Is this expected behavior when using the Clear Config button in Directory Services? How can I get this setting changed without breaking my ACLs? It would be a tremendous amount of work to set all the permissions up again.

No permissions are changed on-disk when you clear the settings; however, if you assigned permissions to AD users / groups we will obviously no longer be able to resolve those. If you want them to resolve, then re-join AD with the same idmap settings you were using before (probably the defaults).

This is no different of a situation than if you joined AD on a Windows client, assigned permissions on some local filesystem files to AD accounts (non-local) and then removed yourself from AD. You’d have a large number of SIDs in security descriptors that no longer resolve.
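Added example, not part of the thread and not TrueNAS code: a sketch of why the idmap settings must match on re-join, assuming the domain uses Samba's `idmap_rid` backend, whose documented formula is ID = RID - BASE_RID + LOW_RANGE_ID. The ranges, RIDs and the `audit_acl` helper are constructed for illustration.

```python
# Added illustration of Samba's idmap_rid mapping (formula from idmap_rid(8)).
# Assumption: the AD domain is mapped with the rid backend.
# All ranges, RIDs and ACL entries below are constructed sample values.
from typing import Optional

BASE_RID = 0  # idmap_rid default


def rid_to_id(rid: int, low: int, high: int) -> Optional[int]:
    """ID = RID - BASE_RID + LOW_RANGE_ID, valid only inside [low, high]."""
    unix_id = rid - BASE_RID + low
    return unix_id if low <= unix_id <= high else None


def id_to_rid(unix_id: int, low: int, high: int) -> Optional[int]:
    """RID = ID + BASE_RID - LOW_RANGE_ID; IDs outside the range do not resolve."""
    if not low <= unix_id <= high:
        return None
    return unix_id + BASE_RID - low


def audit_acl(acl_ids, old_range, new_range):
    """Compare how each numeric ID stored in an ACL resolves before and after re-join."""
    report = {}
    for unix_id in acl_ids:
        before = id_to_rid(unix_id, *old_range)
        after = id_to_rid(unix_id, *new_range)
        if after is None:
            status = "unresolved"            # shows up as a bare numeric ID
        elif after != before:
            status = "different-principal"   # ACL now names another account
        else:
            status = "ok"
        report[unix_id] = (before, after, status)
    return report


# Numeric IDs written into ACLs while joined with the original range.
OLD_RANGE = (100_000, 199_999)
ACL_IDS = [rid_to_id(rid, *OLD_RANGE) for rid in (513, 1104, 1607)]

SAME = audit_acl(ACL_IDS, OLD_RANGE, OLD_RANGE)
SHIFTED = audit_acl(ACL_IDS, OLD_RANGE, (100_500, 200_499))
DISJOINT = audit_acl(ACL_IDS, OLD_RANGE, (2_000_000, 2_999_999))

if __name__ == "__main__":
    for name, rep in (("same", SAME), ("shifted", SHIFTED), ("disjoint", DISJOINT)):
        print(name, rep)
```

The on-disk IDs never change in any of the three cases; only their resolution does. An overlapping but shifted range is the case to watch for, because existing entries then resolve to a different RID instead of failing visibly.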