Checking we cannot delete fsmoRoleOwner

Andrew Bartlett abartlet at
Wed Apr 18 22:27:06 MDT 2012


I wondered if you might have time to look into the appropriate
protection required for fSMORoleOwner?  Clearly we should prevent it
from becoming empty (that is, a FSMO role having no owner), but as
always it is a matter of protecting it in the right way.  

I've just (in pending autobuild) added a dbcheck test to put it back,
but this is a little late, and it would be good if the samldb module
would know how to prevent this in the first place.  In particular, the
tricky part will be ensuring that we do not allow a forced delete of a
DC with roles (because the link clean-up will be what deletes the

This sounds like exactly this kind of challenge you are really good at,
and I wondered if you could help out?


Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list