Is there some way get alerts from an AD DC to let us know that group membership has changed?
Andrew Bartlett
abartlet at samba.org
Wed May 1 22:39:32 MDT 2013
On Wed, 2013-05-01 at 20:24 -0700, Richard Sharpe wrote:
> Hi folks,
>
> I am looking a project where there is interest in knowing if group
> membership has changed.
The only device on a network that would receive a proactive notification
is an RODC, or perhaps a open dirsync LDAP query.
I know this idea has become attractive of late (eg sam-solutions asking
about it, and I got to the point of dissecting the horrible hack QNAP
uses for this), but the idea of hammering the AD DC in exactly the way
Kerberos was designed to avoid makes my stomach churn.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list