[PATCH] samba-tool: make 'samba-tool user create' work like ADUC

Scott Lovenberg scott.lovenberg at gmail.com
Wed Jun 24 01:13:20 MDT 2015


On Wed, Jun 24, 2015 at 1:42 AM, Rowland Penny <repenny241155 at gmail.com> wrote:

>> Further, the difference between the risks here and the risks in the GUI
>> are that it is much more likely that a script will run concurrently
>> (within the replication window of 5 mins) than administrator at a GUI.
>
>
> How about if I could force immediate replication of the object and the msSFU30Max*idNumber attribute ?

(I phrased a question about three ways and each time was able to
counter myself but with a slight bit of uncertainty, so I'll ask the
question bluntly because a couple of implementation details lurk no
matter how specifically I try to nail down the conditions - so this is
going to sound much dumber than the question may actually be) :

can you ensure that flushing the replication isn't racy when branches
of the forest have network issues?  As I understand it, on site AD
members should already be RODC, but isn't there also an election
somewhat akin to the old NT style domains when a server with a FSMO
role is disconnected from the rest of the network?  That is to say,
does the protocol account for non-deterministic replication being
forced or does it just Do The Right Thing when the replication channel
is opened again?  My apologies if this is a silly question.



-- 
Peace and Blessings,
-Scott.


More information about the samba-technical mailing list