[PATCH] samba-tool: make 'samba-tool user create' work like ADUC

Scott Lovenberg scott.lovenberg at gmail.com
Wed Jun 24 01:37:35 MDT 2015

On Wed, Jun 24, 2015 at 2:21 AM, Rowland Penny <repenny241155 at gmail.com> wrote:
> On 24/06/15 08:13, Scott Lovenberg wrote:
>> On Wed, Jun 24, 2015 at 1:42 AM, Rowland Penny <repenny241155 at gmail.com>
>> wrote:
>>>> Further, the difference between the risks here and the risks in the GUI
>>>> is that it is much more likely that a script will run concurrently
>>>> (within the replication window of 5 mins) than an administrator at a GUI.
>>> How about if I could force immediate replication of the object and the
>>> msSFU30Max*idNumber attribute?
>> (I phrased a question about three ways and each time was able to
>> counter myself but with a slight bit of uncertainty, so I'll ask the
>> question bluntly because a couple of implementation details lurk no
>> matter how specifically I try to nail down the conditions - so this is
>> going to sound much dumber than the question may actually be):
>> can you ensure that flushing the replication isn't racy when branches
>> of the forest have network issues?  As I understand it, on site AD
>> members should already be RODC, but isn't there also an election
>> somewhat akin to the old NT style domains when a server with a FSMO
>> role is disconnected from the rest of the network?  That is to say,
>> does the protocol account for non-deterministic replication being
>> forced or does it just Do The Right Thing when the replication channel
>> is opened again?  My apologies if this is a silly question.
> No, it isn't a silly question, but I will say it again, this patch just
> makes samba-tool work like using the Unix Attributes tab in ADUC, it brings
> the msSFU30Max*idNumber attributes into use. I feel if it is a problem with
> my patch, then it must be a problem with ADUC as well. As for the FSMO
> roles, there isn't (as far as I know) an election, the FSMO role owners have
> to be set.
> Rowland

We're on the same page.  If indeed this is how ADUC works, I can't see
how this isn't a problem there as well unless the replication protocol
specifically has handling for this built in.

Peace and Blessings,
