[Samba] Verifying idmap.ldb consistency across domain controllers
lingpanda101 at gmail.com
Tue May 8 13:23:42 UTC 2018
On 5/8/2018 9:07 AM, Rowland Penny via samba wrote:
> On Tue, 8 May 2018 08:59:52 -0400
> lingpanda101 via samba <samba at lists.samba.org> wrote:
>> Is there a command or quick way to verify idmap.ldb is
>> consistent across domain controllers? Similar to using samba-tool to
>> compare two ldap databases? Thanks.
> No, but if haven't synced idmap.ldb from the first DC to all other DCs,
> then you can take it for granted they are not consistent ;-)
My concern is with human error and built in groups. I'm using RFC2307 on
all DC's so all UID's and GID's for manually created user & groups I
should be good. I'm pretty confident for all DC's I have added to the
domain, I took the step to copy and replace idmap.ldb. If I search for
one builtin user and group and verify XID's across domain controllers.
Can I deduce I have in fact took care to copy and replace idmap.ldb from
the 1st DC? What are some tell tell signs of idmap.ldb inconsistency?
Thanks for any guidance.
More information about the samba