[Samba] DCs demote / change IP / re-join mistakes
Rowland Penny
rpenny at samba.org
Sat Oct 29 14:03:30 UTC 2022
On 29/10/2022 13:10, Luis via samba wrote:
>
> So what is the state of my AD ?
I cannot say, you could have underlying errors, but if you have, they
have nothing to do with not having that line in smb.conf.
>
> DC3 is untouched
> DC1 and DC2 were joined as per the initial mail without --use-rfc2307 and without replacing idmap.ldb from the other DC.
>
> Can I assume the first mistake (re-joined without --use-rfc2307) has no consequences,
Yes.
> as the line was already in smb.conf
That is a bit worrying, when provisioning a new domain, or joining a DC,
you shouldn't have a smb.conf, the provision or join will create it for you.
> and creating the ldif ypServ30.ldif is only done at domain provision,
> not joining ?
It doesn't so much create it, more it uses it and yes, it is only done
at provision of a new domain.
>
> And second, do I have 3 different idmap.ldb in the domain ? Or is this file replicated from the DC that has the PDC_Emulator FSMO role ?
Yes, it is possible to have a different idmap.ldb file on each DC,
unless you sync the one from the DC with the PDC_Emulator FSMO role to
all other DCs (actually you can sync from any DC, just as long as they
all match).
>
> If they are different, is there anything I can do to sync the idmap.ldb file?
See here:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Built-in_User_.26_Group_ID_Mappings
Rowland