[Samba] RODC in remote Site

Andrew Bartlett abartlet at samba.org
Mon Feb 15 20:36:17 UTC 2021

On Mon, 2021-02-15 at 20:54 +0100, cn--- via samba wrote:
> On 15.02.21 at 17:02, Rowland penny via samba wrote:
> > The same goes for the above, it is trying to write to the local
> > database and cannot. Have you tried creating the RODC's dns
> > records on a DC (if they don't exist) ?
> Yes, I have created the missing ones. But it errors on all of them
> regardless of who created them.
> > It looks like the RODC is passing its update command to a DC which 
> > cannot update the records because it does not own the record.
> As far as I am aware a DC is always able to update records as
> "Domain Controllers" Group has "Full Control" rights.

Sort of.  It has implied 'full control' rights because it can always
change things being a root process, but if it chooses to honour the
ACLs then it will follow 'normal' rules, whatever they are for a given

Andrew Bartlett
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
