[Samba 4] FSMO roles change research

Nadezhda Ivanova nadezhda.ivanova at postpath.com
Sat Jan 16 17:30:51 MST 2010


----- Original Message -----
> From: tridge at samba.org <tridge at samba.org>
> To: Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
> Cc: samba-technical at samba.org <samba-technical at samba.org>
> Sent: Sunday, January 17, 2010 2:22:51 AM GMT+0200 Europe;Athens
> Subject: Re: [Samba 4] FSMO roles change research

> > Hi Nadya,
> 
>  > I have done some research on how FSMO Roles changes works in AD in
>  > order to implement commands that invoke role change, as a means for
>  > testing Samba 4
> 
> thanks!
> 
>  > Python tool to perform these operations to be done shortly.
> 
> great, thank you!
> 
> I think we should also have commands something like "net domain role
> list" to show which DC has each role.

Yeah, I tought about that.
My intended syntax was
net fsmo rolename [--seize|--transfer]
net fsmo --show

as domain role may be interpreted as domainNamingMaster role, gets a bit confusing.
> 
> We also need to be pretty careful about access control for these
> operations :-)

Well, we need to implement the extension of GetNCChanges that transfers the roles between servers, my guess is checs on access control rights happen there, but I havent read the docs in detail about that yet.

> Cheers, Tridge


More information about the samba-technical mailing list