[PATCH] samba-tool: make 'samba-tool user create' work like ADUC
Scott Lovenberg
scott.lovenberg at gmail.com
Wed Jun 24 01:13:20 MDT 2015
On Wed, Jun 24, 2015 at 1:42 AM, Rowland Penny <repenny241155 at gmail.com> wrote:
>> Further, the difference between the risks here and the risks in the GUI
>> are that it is much more likely that a script will run concurrently
>> (within the replication window of 5 mins) than administrator at a GUI.
>
>
> How about if I could force immediate replication of the object and the msSFU30Max*idNumber attribute ?
(I phrased a question about three ways and each time was able to
counter myself but with a slight bit of uncertainty, so I'll ask the
question bluntly because a couple of implementation details lurk no
matter how specifically I try to nail down the conditions - so this is
going to sound much dumber than the question may actually be) :
can you ensure that flushing the replication isn't racy when branches
of the forest have network issues? As I understand it, on site AD
members should already be RODC, but isn't there also an election
somewhat akin to the old NT style domains when a server with a FSMO
role is disconnected from the rest of the network? That is to say,
does the protocol account for non-deterministic replication being
forced or does it just Do The Right Thing when the replication channel
is opened again? My apologies if this is a silly question.
--
Peace and Blessings,
-Scott.
More information about the samba-technical
mailing list