[Samba] Question on sysvol replication, GPOs and sysvolreset
Norbert Hanke
norbert.hanke at gmx.ch
Tue Dec 5 14:30:41 UTC 2023
It's true that GPOs are per default submitted to the DC with the PDC
role by the Windows domain management tooling.
But be careful with logon scripts and the like created by such tools:
they are are saved to a random DC, i.e. to the fqdn of the domain,
DNS-resolving to a random DC.
On 05.12.2023 15:10, Luis Peromarta via samba wrote:
> Try:
>
> http://samba.bigbird.es/doku.php?id=samba:sync-sysvol
>
> I would recommend one way sync always from PDC FSMO owner, as this is the machine the GPOs get created in by default.
>
> And of course :
>
> http://samba.bigbird.es/doku.php?id=samba:sync-idmap.ldb
>
> Regards.
>
> LP
> On 5 Dec 2023 at 13:47 +0100, Jakob Curdes via samba <samba at lists.samba.org>, wrote:
>> Hello,
>>
>> I am wondering whether I have all pieces together for a scenatio with
>> two DCs and GPOs being used.
>> Obviously the GPOs need to be replicated between DCs, I use "osync" as
>> per the samba wiki
>> (https://wiki.samba.org/index.php/Bidirectional_Rsync/osync_based_SysVol_replication_workaround).
>>
>> In that documentation the sysvolreset command is issued every time on
>> the second DC after a successful sync.
>>
>> On the other hand, the page https://wiki.samba.org/index.php/Sysvolreset
>> claims that one should never run sysvolreset or even sysvolcheck (!?) in
>> such a scenario.
>> So what is the correct advice? I would assume that I do not need to
>> reset the permissions all the time, so I could safely omit the
>> REMOTE_RUN_AFTER_CMD in the osync config?
>>
>> Best regards, Jakob
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list