[PATCH] samba-tool: make 'samba-tool user create' work like ADUC

Rowland Penny repenny241155 at gmail.com
Wed Jun 24 01:21:26 MDT 2015


On 24/06/15 08:13, Scott Lovenberg wrote:
> On Wed, Jun 24, 2015 at 1:42 AM, Rowland Penny <repenny241155 at gmail.com> wrote:
>
>>> Further, the difference between the risks here and the risks in the GUI
>>> are that it is much more likely that a script will run concurrently
>>> (within the replication window of 5 mins) than an administrator at a GUI.
>>
>> How about if I could force immediate replication of the object and the msSFU30Max*idNumber attribute?
> (I phrased a question about three ways and each time was able to
> counter myself but with a slight bit of uncertainty, so I'll ask the
> question bluntly because a couple of implementation details lurk no
> matter how specifically I try to nail down the conditions - so this is
> going to sound much dumber than the question may actually be):
>
> can you ensure that flushing the replication isn't racy when branches
> of the forest have network issues?  As I understand it, on site AD
> members should already be RODC, but isn't there also an election
> somewhat akin to the old NT style domains when a server with a FSMO
> role is disconnected from the rest of the network?  That is to say,
> does the protocol account for non-deterministic replication being
> forced or does it just Do The Right Thing when the replication channel
> is opened again?  My apologies if this is a silly question.
>
>
>

No, it isn't a silly question, but I will say it again, this patch just 
makes samba-tool work like using the Unix Attributes tab in ADUC, it 
brings the msSFU30Max*idNumber attributes into use. I feel if it is a 
problem with my patch, then it must be a problem with ADUC as well. As 
for the FSMO roles, there isn't (as far as I know) an election, the FSMO 
role owners have to be set.

Rowland

