Upgradeprovision notes

Matthieu Patou mat+Informatique.Samba at matws.net
Mon Jan 25 16:02:20 MST 2010

Dear all,

I'm somehow feeling concerned with upgradeprovision and here are my 
plans to improve it:

1) Update DNS records using rebuild_zone.sh or something similar, as an 
older provision might have a broken zone somehow.
2) Update NTACLs and dirs in sysvol, as a new GPO was introduced in 
August by MDW but users with an older provision do not have the associated 
dirs and no ACL on this dir either, and until a few days ago provision 
didn't put ACLs on sysvol files.
3) Do a mostly clean SD update: for the moment upgradeprovision is 
always replacing the SD in the upgraded provision by the one 
recalculated. The very first step is to limit this behavior to older 
than alpha11 provision as now people (I'm not totally happy with this 
cutoff as alpha11 shipped with a bug that caused SD to be bogus on some 
configuration objects). 
Then I would like to check every object where the SD is different from 
the reference one and for each object that is found, check if its SD was 
obtained directly from the defaultSD + the SD of its parent or if the SD 
was modified afterwards.
4) Make upgradeprovision use one big transaction for the upgrade process
5) Honor fSMORoleOwner so that upgradeprovision on a given host does not 
modify parts where the DC is the role owner
6) Make upgradeprovision not replace sam.ldb when provision > alpha10 
and do instead a search and replace in sam.ldb with basedn=""
7) Update provision so it can store an @PROVISION entry in sam.ldb to 
keep the trace of the last USN modified by (upgrade)provision
8) Use the USN information, the replPropertyMetaData, + the 
invocation id of the updated DC to see if it should update an attribute or 
not. The rule will be: originating_invocation_id == invocation_id_dc && 
originating_usn <= lastUSN modified by provision.

Let me know if you see something else to add or reorder.
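
The rule in item 8, applied per attribute, as an added example that is not part of the original message or of Samba's code. The `AttrMeta` record is a simplified stand-in for one replPropertyMetaData entry; the GUIDs, USNs and function names are constructed for illustration, and comparing invocation ids case-insensitively is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AttrMeta:
    """Simplified stand-in for one replPropertyMetaData entry (hypothetical type)."""
    attribute: str
    originating_invocation_id: str
    originating_usn: int


def classify(meta, invocation_id_dc, last_provision_usn):
    """Map each attribute to 'update' or to the reason it must be preserved.

    Rule from the message: originating_invocation_id == invocation_id_dc
    and originating_usn <= last USN modified by provision.
    """
    verdicts = {}
    for m in meta:
        # Assumption: GUID strings are compared case-insensitively.
        if m.originating_invocation_id.lower() != invocation_id_dc.lower():
            verdicts[m.attribute] = "keep: originated on another DC"
        elif m.originating_usn > last_provision_usn:
            verdicts[m.attribute] = "keep: changed locally after provision"
        else:
            verdicts[m.attribute] = "update"
    return verdicts


def updatable(meta, invocation_id_dc, last_provision_usn):
    """Attributes the upgrade may overwrite without losing an admin's change."""
    verdicts = classify(meta, invocation_id_dc, last_provision_usn)
    return sorted(a for a, v in verdicts.items() if v == "update")


# Constructed sample data, not taken from a real directory.
DC_ID = "11111111-2222-3333-4444-555555555555"
OTHER_DC_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
LAST_PROVISION_USN = 3500  # value an @PROVISION entry (item 7) would record
SAMPLE = [
    AttrMeta("nTSecurityDescriptor", DC_ID, 3412),     # written by provision
    AttrMeta("description", DC_ID, 3720),              # edited locally later
    AttrMeta("gPLink", OTHER_DC_ID, 1200),             # replicated from another DC
    AttrMeta("showInAdvancedViewOnly", DC_ID, 3500),   # boundary: equal to last USN
]

if __name__ == "__main__":
    for attr, verdict in classify(SAMPLE, DC_ID, LAST_PROVISION_USN).items():
        print(f"{attr:26} {verdict}")
```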

