[Samba] how to sync idmap.ldb between DCs?
Steven Monai
stevemoca at gmail.com
Wed Sep 13 14:27:44 UTC 2023
On 2023-09-13 6:49 a.m., Rowland Penny via samba wrote:
> On Wed, 13 Sep 2023 13:13:24 +0000
> bd730c5053df9efb via samba <samba at lists.samba.org> wrote:
>
>> I'm going to piggyback on this answer and ask something that I've
>> been wondering. Is the idmap.ldb sync mentioned in the linked page a
>> one time thing before you replicate the sysvol or is it something you
>> should do periodically? If so, how often?
>>
>
> It needs to be done initially and then on a regular basis, though it
> shouldn't be needed every time.

I also have some questions about this.

Firstly: In my current process for Samba AD domain deployments, when
joining a machine to the domain, I copy the idmap.ldb from the DC
holding the FSMO PDC_Emulator_Role to each machine joining the domain
*exactly once*: at the time of the initial join. Should I *also* create
a periodic process that resyncs idmap.ldb from PDC_Emulator to
domain-member servers (and to DCs that do not hold FSMO roles) on a
regular basis?

Secondly: If yes to my first question: How often should idmap.ldb be
synced to member servers? What is a reasonable time period? Or is there
some other event that should trigger a sync of idmap.ldb to domain members?

And finally: What is meant by "it shouldn't be needed every time"? Are
there instances where a domain-join does not require syncing idmap.ldb
to the joining machine?

Thank you for your time.

-S.M.