[Samba] maximum ad domain controller unavialability time
Alex MacCuish
alex at maccuish.org.uk
Tue Apr 14 09:02:03 UTC 2020
HI Valery
A DC is never "removed" automatically from AD, but, at least from the
Windows perspective, the longest period would be the tombstone lifetime.
After this has passed, the DC would have objects "lingering", as the
deletion of an object could have already occurred at other DCs and then
the marker of the deletion itself removed, which of course means there
is no way to communicate the deletion after this final point. I believe
Windows automatically blocks replication and disables the netlogon
service when it detects such a situation. I'm not sure what samba would do.
Alex
On 14/04/2020 09:37, Zhuchenko Valery via samba wrote:
> Hi, all.
>
> What is greatest period for AD DC (non FSMO) can be unavailable, for
> example, because network segment is unavailable for long time (3, 4 weeks)?
> Is the controller will be removed from AD automatically?
> And what to do after this network segment will become available?
>
> I have read about tombstoneLifeTime attribute of Directory Service
> (Configuration, Services, Windows NT), which default value is 180 days.
> But what is about replication?
>
> Thank you for your explanation.
>
> Best regards,
> Valery
>
More information about the samba
mailing list