[Samba] Multiple DC and idmap.ldb sync problem
Piotr Adamcio
adamcios at wp.pl
Fri Mar 7 11:17:27 UTC 2025
I have 4 DCs with sysvol replication, but one central database for
users, computers, etc. On every server, there is an idmap.ldb file
which stores user & group IDs in 'xidNumber' attributes. Locally,
idmap stores attributes with autoincrementation, and I understand
this. And on every DC, I have to guarantee that each DC will use the
same ID for a given user or group; that's why I have to copy idmap.ldb.
I have such a problem that even when I copy (first back up, second copy
to another DC, and third rename to the original name), Linux doesn't use
this attribute from Samba unless I restart the Samba service, or even in
some cases restart the whole Debian system. That's why I have problems
with file permissions.
In the documentation, I found that Unix attributes about a user can be
stored in AD - not in a file. In this case, attributes can be synced via
the catalog replication mechanism, and all attributes will sync on every DC.
Idmap config ad (https://wiki.samba.org/index.php/Idmap_config_ad). The
main problem is about the disadvantages: I have to manually track ID
values to avoid duplicates, and the values for the RFC2307 attributes
are not created automatically; they must be added manually.
The most important thing is the master DC, and maybe there is a
workaround to put the information which is stored in idmap.ldb into
the AD database. In the next step, the whole AD database will replicate
using built-in mechanisms.
I wonder why Samba developers omitted autoincrement in AD Unix
attributes, and why we can't put RFC2307 attribute values into the
database, maybe defined in smb.conf or something like that.
Maybe someone has a workaround for this case that avoids copying the
idmap.ldb files.
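The two worries in the post, that every DC must hand out the same xidNumber for a given SID and that moving to RFC2307 attributes in AD means tracking ID values by hand to avoid duplicates, can be checked mechanically. The script below is an added example (not code from the Samba project or from the poster): it parses the LDIF-style output that `ldbsearch -H /var/lib/samba/private/idmap.ldb '(objectClass=sidMap)'` prints, compares the dumps from two DCs, reports SIDs on which the DCs disagree and numbers that were handed to more than one SID, and writes an LDIF for `ldbmodify` that stores the agreed numbers as uidNumber (users) or gidNumber (groups), skipping anything in conflict. The dumps, SIDs, DNs and the SID-to-object table are constructed for the example; in practice the table comes from a search of the AD database for objectSid and objectClass.

```python
"""Merge idmap.ldb dumps from Samba DCs, flag ID conflicts, and emit an LDIF
that stores agreed xidNumber values as RFC2307 uidNumber/gidNumber in AD.
Added example; not code from the Samba project or the post's author."""
from collections import defaultdict

# Constructed sample of `ldbsearch -H idmap.ldb '(objectClass=sidMap)'`
# output from two DCs. All SIDs and numbers are made up.
DC1_DUMP = """\
# record 1
dn: CN=S-1-5-21-11-22-33-1104
cn: S-1-5-21-11-22-33-1104
objectClass: sidMap
objectSid: S-1-5-21-11-22-33-1104
type: ID_TYPE_BOTH
xidNumber: 3000010
distinguishedName: CN=S-1-5-21-11-22-33-1104

# record 2
dn: CN=S-1-5-21-11-22-33-1105
objectClass: sidMap
objectSid: S-1-5-21-11-22-33-1105
type: ID_TYPE_BOTH
xidNumber: 3000011

# record 3
dn: CN=S-1-5-21-11-22-33-1106
objectClass: sidMap
objectSid: S-1-5-21-11-22-33-1106
type: ID_TYPE_BOTH
xidNumber: 3000012

# returned 3 records
"""

# DC2 allocated independently: SID ...1105 got a different number, and
# 3000011 went to a SID that DC1 has never mapped.
DC2_DUMP = """\
# record 1
dn: CN=S-1-5-21-11-22-33-1104
objectClass: sidMap
objectSid: S-1-5-21-11-22-33-1104
type: ID_TYPE_BOTH
xidNumber: 3000010

# record 2
dn: CN=S-1-5-21-11-22-33-1105
objectClass: sidMap
objectSid: S-1-5-21-11-22-33-1105
type: ID_TYPE_BOTH
xidNumber: 3000013

# record 3
dn: CN=S-1-5-21-11-22-33-1107
objectClass: sidMap
objectSid: S-1-5-21-11-22-33-1107
type: ID_TYPE_BOTH
xidNumber: 3000011
"""

# Constructed SID -> (AD DN, object kind). In a real run this is built from
# a search of the AD database for objectSid and objectClass.
AD_OBJECTS = {
    "S-1-5-21-11-22-33-1104": ("CN=alice,CN=Users,DC=example,DC=com", "user"),
    "S-1-5-21-11-22-33-1105": ("CN=bob,CN=Users,DC=example,DC=com", "user"),
    "S-1-5-21-11-22-33-1106": ("CN=storage,CN=Users,DC=example,DC=com", "group"),
    "S-1-5-21-11-22-33-1107": ("CN=carol,CN=Users,DC=example,DC=com", "user"),
}


def parse_idmap_dump(text):
    """Parse ldbsearch output into {objectSid: xidNumber}; '#' lines are comments."""
    mapping, record = {}, {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if record.get("objectClass") == "sidMap":
                mapping[record["objectSid"]] = int(record["xidNumber"])
            record = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            record[key.strip()] = value.strip()
    return mapping


def find_conflicts(dumps):
    """dumps: {dc_name: mapping}. Returns (sid_mismatch, xid_clash):
    sid_mismatch {sid: {dc: xid}} where DCs disagree on a SID's number,
    xid_clash {xid: {sid,...}} where one number was given to several SIDs."""
    per_sid, owners = defaultdict(dict), defaultdict(set)
    for dc, mapping in dumps.items():
        for sid, xid in mapping.items():
            per_sid[sid][dc] = xid
            owners[xid].add(sid)
    sid_mismatch = {s: d for s, d in per_sid.items() if len(set(d.values())) > 1}
    xid_clash = {x: s for x, s in owners.items() if len(s) > 1}
    return sid_mismatch, xid_clash


def rfc2307_ldif(authoritative, ad_objects, conflicts):
    """LDIF for ldbmodify: uidNumber for users, gidNumber for groups.
    SIDs touched by any conflict are skipped, never guessed."""
    sid_mismatch, xid_clash = conflicts
    unsafe = set(sid_mismatch) | {s for sids in xid_clash.values() for s in sids}
    entries = []
    for sid, xid in sorted(authoritative.items(), key=lambda kv: kv[1]):
        if sid in unsafe or sid not in ad_objects:
            continue
        dn, kind = ad_objects[sid]
        attr = "uidNumber" if kind == "user" else "gidNumber"
        entries.append(f"dn: {dn}\nchangetype: modify\nreplace: {attr}\n{attr}: {xid}\n-\n")
    return "\n".join(entries)


if __name__ == "__main__":
    dumps = {"dc1": parse_idmap_dump(DC1_DUMP), "dc2": parse_idmap_dump(DC2_DUMP)}
    conflicts = find_conflicts(dumps)
    print("SIDs with differing xidNumber:", conflicts[0])
    print("xidNumbers given to several SIDs:", conflicts[1])
    print(rfc2307_ldif(dumps["dc1"], AD_OBJECTS, conflicts))
```

Treat the DC whose dump is passed as `authoritative` as the one whose numbers are to be kept, and apply the result with something like `ldbmodify -H ldap://dc1 -U administrator rfc2307.ldif`; the conflicting SIDs it prints are exactly the ones that would silently own different files on different DCs today and need a chosen number before they get an attribute. Once uidNumber/gidNumber are in AD they replicate with the directory, and a DC with `idmap_ldb:use rfc2307 = yes` in smb.conf reads them instead of allocating. For the file-copy approach the post describes, the Samba wiki's procedure also runs `net cache flush` after replacing idmap.ldb so winbind stops serving the mappings it cached from the old file.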