[Samba] Multiple domain and trust relationship

Julien Deloubes julien.deloubes at gmail.com
Sat Oct 17 16:40:01 UTC 2015


Thanks to all your insights.


2015-10-14 23:02 GMT+02:00 Marc Muehlfeld <mmuehlfeld at samba.org>:

> Hello Klaus,
>
>
> On 12.10.2015 at 23:34, Klaus Hartnegg wrote:
> > Different domains have advantages if the network connection is bad, and
> > if local admins want to create new AD objects themselves, e.g. new
> > users.
>
> This is also possible with AD sites. Even if the network connection is
> temporarily offline.
>
> Each DC has a RID pool (default 500 RIDs). Until it's empty, you can
> create new objects. The pool is already refreshed if it reaches half
> (if I'm right). So usually you have at least 250 unused RIDs on each DC,
> when the connection to the RID master gets disconnected.
>
> > Separate domains also allow to have the (fsmo role) pdc-emulator
> > local on each site, which should always be reachable.
>
> Why? I see no big problem if the PDC emulator is offline.
>
> The clients on that site can't sync their time with that host. If you
> set another/additional NTP server via GPO for that site, this isn't a
> problem anyway. The only real trouble I see is that you can't log in on
> pre-Win2k machines (NT4), if you still have some.
>
>
> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles
>
>
> Regards,
> Marc