Sharing a 'System Read Access' LDB handle in Samba4
lukeh at padl.com
Thu Jun 19 06:29:00 GMT 2008
> I suppose the depends if these are held in the main DB. I was under
> impression that to avoid massive replication pressure, that these
> logs were stored elsewhere, and the only thing to update would be the
> 'week of last logon' timestamp (from memory).
lastLogon was non-replicated, but lastLogonTimestamp (introduced in
W2K3) is. Also account lockout-related attributes would need to be
replicated too? I'm a bit hazy on this, I seem to remember that
lockout attempts were per-DC but presumably once the account is
actually locked out, this is replicated to all DCs.
More information about the samba-technical