[Samba] Verifying idmap.ldb consistency across domain controllers
lingpanda101
lingpanda101 at gmail.com
Tue May 8 13:23:42 UTC 2018
On 5/8/2018 9:07 AM, Rowland Penny via samba wrote:
> On Tue, 8 May 2018 08:59:52 -0400
> lingpanda101 via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> Is there a command or quick way to verify idmap.ldb is
>> consistent across domain controllers? Similar to using samba-tool to
>> compare two ldap databases? Thanks.
>>
> No, but if haven't synced idmap.ldb from the first DC to all other DCs,
> then you can take it for granted they are not consistent ;-)
>
> Rowland
>
My concern is with human error and built in groups. I'm using RFC2307 on
all DC's so all UID's and GID's for manually created user & groups I
should be good. I'm pretty confident for all DC's I have added to the
domain, I took the step to copy and replace idmap.ldb. If I search for
one builtin user and group and verify XID's across domain controllers.
Can I deduce I have in fact took care to copy and replace idmap.ldb from
the 1st DC? What are some tell tell signs of idmap.ldb inconsistency?
Thanks for any guidance.
--
--
James
More information about the samba
mailing list