[cifs-protocol] When creating a subdomain, who fills in hasPartialReplicaNCs?

Andrew Bartlett abartlet at samba.org
Tue Aug 19 21:12:17 MDT 2014

I've got Samba to the point where Samba can be a subdomain to a windows
AD domain, something we have been working on for a number of years.

As context, we did some work on this at a number of previous plugfest
events, and this work has been mostly to re-animate this effort, and to
make it useful to end users, by having it also work for NTLM

I've got to the point where Samba and windows both seem to think they
are in a trusted domain situation, and Samba can authenticate with an
account from the Windows parent domain using both NTLM and Kerberos.

Next, I need to replicate the Samba domain
(sub.ad.ruth.wgtn.cat-it.co.nz) to the AD domain
(ad.ruth.wgtn.cat-it.co.nz), and vice-verca, because the both DCs should
be a GC.  How do I instigate that?  

"MS-ATDS DC and Partial Replica NCs Replicas" describes the
end state, and it seems Windows (perhaps after a time) replicates in the
Samba state, but what causes the initial replication and the update of
hasPartialReplicaNCs and msDS-HasInstantiatedNCs?

I note that this was partially answered in 112062456011515 here:

However, I'm still a little unclear on what I should be doing to trigger
this on the Samba side of things.


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the cifs-protocol mailing list