[Samba] samba 4.2.1 copy idmap...and problems with bi-directional sysvolsync.

[L.P.H. van Belle]

Hai, 
 
Im try to get my id for administrator groups on both server the same. 
 
with 4.1.17 the solution was simple.. 
we stop samba on both servers. 
scp /var/lib/samba/private/idmap.ldb root at 192.168.0.2:/var/lib/samba/private/
 
started samba, and the id's where the same. 
 
Im using winbindd now with samba 4.2.1 
but... 
 
DC1:  id administrator
uid=0(root) gid=100(users) groups=0(root),100(users),3000004(group policy creator owners),3000006(enterprise admins),
3000008(domain admins),3000007(schema admins),3000005(denied rodc password replication group),3000009(BUILTIN\users),
3000000(BUILTIN\administrators)

id administrator
uid=0(root) gid=100(users) groups=0(root),100(users),3000011(group policy creator owners),3000010(enterprise admins),
3000007(domain admins),3000009(schema admins),3000008(denied rodc password replication group),3000001(BUILTIN\users),
3000000(BUILTIN\administrators)

see the differences here.. 
 
What am i missing.. 
Because of this the bi-directional sysvol sync does not works ok !! 
 
config used : 
# Global parameters
[global]
        workgroup = BAZRTD
        realm = ROTTERDAM.BAZUIN.NL
        netbios name = RTD-DC2
        server role = active directory domain controller
        server services = -dns
 
        idmap_ldb:use rfc2307 = yes
        idmap config * :backend = tdb
        idmap config * :range = 2000-9999
        idmap config BAZRTD : backend = ad
        idmap config BAZRTD : range = 10000-3999999
 
        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes

 
Greetz, 
 
Louis