[Samba] Sysvol Replication workaround seems not work
Thomas Kempf
listen at hueper.de
Fri Jul 30 09:26:37 UTC 2021
Am 30.07.2021 um 11:15 schrieb Rowland Penny via samba:
> On Fri, 2021-07-30 at 11:01 +0200, Thomas Kempf via samba wrote:
>>
>>>
>>> You have to run sysvolreset on all DC's
>> can i do this safely now having removed the gidNUmber from Domain
>> Admins?
>
> Yes
>
>>
>>>
>>> this doesn't mean that you need to sync idmap.ldb, only if you have
> made user or group changes.
>> ok, but shouldn't this be done automagically by the implemented
>> "Bidirectional Rsync/Unison based SysVol replication workaround" ?
>
> No, because that method does not sync idmap.ldb
Sorry, i fear, i was not clear in what i meant.
As far as i understood, there will be no change in idmap.ldb, when i'm
not making any user or group changes, so no need to resync idmap.ldb
each time when i change ACL on a GPO.
But if i change only Delegation on one Policy - which leads AFAIK to
changed ACL on FSMO-DCs sysvol, shouldn't these ACL-Changes be synced to
the other DC automatically by Unison ?
This is, what does not work here.
Kind Regards
Tom
More information about the samba
mailing list