[Samba] LDB Tools best practices

Rowland Penny rpenny at samba.org
Thu Oct 26 14:49:54 UTC 2023

On Thu, 26 Oct 2023 17:02:34 +0300
Perttu Aaltonen via samba <samba at lists.samba.org> wrote:

> Quick question. Can the LDB tools that modify the database files
> directly be used without stopping Samba DC? Specifically ldbmodify?

No problem, also you can use the machine password '-P' for most searches

> What about when there are more than one DC? Anything to take into
> account or best practices?

The better question would be, 'What if there are multiple sysadmins ?',
you should always have more than one DC.

With multiple sysadmins, you could get 'collisions', especially if they
try to change the same object on different DCs, so best practice would
be to always do any changes on one DC (Usually the one holding the
PDC_Emulator FSMO role).


More information about the samba mailing list