[Samba] Sysvol Replication workaround seems not work

Thomas Kempf listen at hueper.de
Fri Jul 30 09:26:37 UTC 2021

On 30.07.2021 at 11:15, Rowland Penny via samba wrote:
> On Fri, 2021-07-30 at 11:01 +0200, Thomas Kempf via samba wrote:
>>> You have to run sysvolreset on all DC's
>> Can I do this safely now, having removed the gidNumber from Domain
>> Admins?
> Yes
>>> this doesn't mean that you need to sync idmap.ldb, only if you have
>>> made user or group changes.
>> ok, but shouldn't this be done automagically by the implemented
>> "Bidirectional Rsync/Unison based SysVol replication workaround" ?
> No, because that method does not sync idmap.ldb
Sorry, I fear I was not clear in what I meant.
As far as I understood, there will be no change in idmap.ldb when I'm
not making any user or group changes, so no need to resync idmap.ldb
each time I change an ACL on a GPO.

But if I change only Delegation on one Policy - which leads AFAIK to
changed ACLs on the FSMO DC's sysvol - shouldn't these ACL changes be synced to
the other DC automatically by Unison?
This is what does not work here.

Kind Regards
