[Samba] Extending the AD schema
John Gardeniers
jgardeniers at objectmastery.com
Mon Sep 5 00:23:24 UTC 2016
We're looking at implementing Sudoers LDAP on our Samba 4 AD domain.
While this worked perfectly in a test environment previously, I am
always extremely nervous about the possibility of stuffing things up on
production.
Given a domain with multiple DCs (two in our case), should I do add the
schema extension with all DCs on line or should one by taken off line to
provide an emergency backup in case things go wrong? In this case will
the schema extension reliably propagate to the DC which was off line at
the time?
Way back (maybe 13 years or so ago) when I was managing a pure Windows
AD environment I asked a similar question and received advise pretty
much evenly distributed between those two methods.
regards,
John
More information about the samba
mailing list