[Samba] Verifying idmap.ldb consistency across domain controllers

lingpanda101 lingpanda101 at gmail.com
Tue May 8 13:23:42 UTC 2018

On 5/8/2018 9:07 AM, Rowland Penny via samba wrote:
> On Tue, 8 May 2018 08:59:52 -0400
> lingpanda101 via samba <samba at lists.samba.org> wrote:
>> Hello,
>>       Is there a command or quick way to verify idmap.ldb is
>> consistent across domain controllers? Similar to using samba-tool to
>> compare two ldap databases? Thanks.
> No, but if haven't synced idmap.ldb from the first DC to all other DCs,
> then you can take it for granted they are not consistent ;-)
> Rowland
My concern is with human error and built in groups. I'm using RFC2307 on 
all DC's so all UID's and GID's for manually created user & groups I 
should be good. I'm pretty confident for all DC's I have added to the 
domain, I took the step to copy and replace idmap.ldb. If I search for 
one builtin user and group and verify XID's across domain controllers. 
Can I deduce I have in fact took care to copy and replace idmap.ldb from 
the 1st DC? What are some tell tell signs of idmap.ldb inconsistency? 
Thanks for any guidance.


More information about the samba mailing list