[Samba] unique index violation on objectSid on samba ad

Marc Muehlfeld mmuehlfeld at samba.org
Mon Oct 19 15:13:35 UTC 2015


On 19.10.2015 at 16:02, Krutskikh Ivan wrote:
> Let me explain myself here. We ship video surveillance systems with
> built-in AD domain controllers on 2 servers. Right now we have 4 active
> projects and 3 more this year. Provisioning DCs by hand each time is a
> pain I would like to avoid.
> 
> There's not much I want from a domain: groups 'video' and 'video admins' to
> exist, GPOs to auto redirect user profiles to network share and to prevent
> users from video and video admins group from Windows login and some
> specific password age settings.


What is the reason to ship that system with a DC? I don't know your
system, but usually this kind of equipment is something I want to
_integrate_ into my network and not run it as a part that manages my
network.

Why not make it a domain member or standalone system with local users?



> But if I would have to do this manually for every new system...

You can very easily script the provisioning, the join of the second DC,
user/group creation, etc. around samba-tool.


And if you really want to work with cloning, then provision the first,
join the second, do all your changes, take a snapshot of both. Then you
have the same setup again for the next customer. As long as the
customers will never meet and two of your systems come into the same
network, it is no problem, because the domain would have the same name,
SID, etc.



Regards,
Marc
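
A sketch of the scripted route suggested in the reply, added here as an example and not part of the original message: provisioning each customer's first DC from scratch gives every site its own domain SID, unlike restoring a snapshot. The `deploy` wrapper, the `ADMINPASS` and `MAX_PWD_AGE` variables, the value 90 and the realm names are assumptions; GPO setup is left out.

```shell
#!/bin/sh
# Added example: per-customer DC setup scripted around samba-tool.
# DRY_RUN=1 (default) only prints the commands; set DRY_RUN=0 on a real DC host.
DRY_RUN="${DRY_RUN:-1}"
MAX_PWD_AGE="${MAX_PWD_AGE:-90}"   # days; constructed value, set per project

run() {
    if [ "$DRY_RUN" = "1" ]; then
        # Print the command with password values masked so plans can be logged
        printf '%s\n' "$*" | sed -E 's/(--(adminpass|password)=)[^ ]+/\1****/g'
    else
        "$@"
    fi
}

provision_first_dc() {   # args: REALM NETBIOS_DOMAIN
    run samba-tool domain provision --realm="$1" --domain="$2" \
        --server-role=dc --dns-backend=SAMBA_INTERNAL \
        --adminpass="$ADMINPASS"
}

join_second_dc() {       # arg: DNS domain name; run this on the second server
    run samba-tool domain join "$1" DC -U Administrator --password="$ADMINPASS"
}

baseline() {             # groups and password age from the original request
    run samba-tool group add video
    run samba-tool group add 'video admins'
    run samba-tool domain passwordsettings set --max-pwd-age="$MAX_PWD_AGE"
}

deploy() {               # usage: deploy first|second REALM NETBIOS_DOMAIN
    role="$1"; realm="$2"; domain="$3"
    # Refuse a real run without a per-deployment administrator password
    if [ "$DRY_RUN" != "1" ] && [ -z "${ADMINPASS:-}" ]; then
        echo "ADMINPASS must be set" >&2; return 1
    fi
    case "$role" in
        first)  provision_first_dc "$realm" "$domain" && baseline ;;
        second) join_second_dc "$realm" ;;
        *)      echo "usage: deploy first|second REALM DOMAIN" >&2; return 2 ;;
    esac
}
```

For example, `deploy first CUSTOMER1.EXAMPLE.COM CUSTOMER1` on the first server and `deploy second customer1.example.com CUSTOMER1` on the second.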


