[PATCH] samba-tool: make 'samba-tool user create' work like ADUC
Rowland Penny
repenny241155 at gmail.com
Wed Jun 24 01:21:26 MDT 2015
On 24/06/15 08:13, Scott Lovenberg wrote:
> On Wed, Jun 24, 2015 at 1:42 AM, Rowland Penny <repenny241155 at gmail.com> wrote:
>
>>> Further, the difference between the risks here and the risks in the GUI
>>> are that it is much more likely that a script will run concurrently
>>> (within the replication window of 5 mins) than administrator at a GUI.
>>
>> How about if I could force immediate replication of the object and the msSFU30Max*idNumber attribute ?
> (I phrased a question about three ways and each time was able to
> counter myself but with a slight bit of uncertainty, so I'll ask the
> question bluntly because a couple of implementation details lurk no
> matter how specifically I try to nail down the conditions - so this is
> going to sound much dumber than the question may actually be) :
>
> can you ensure that flushing the replication isn't racy when branches
> of the forest have network issues? As I understand it, on site AD
> members should already be RODC, but isn't there also an election
> somewhat akin to the old NT style domains when a server with a FSMO
> role is disconnected from the rest of the network? That is to say,
> does the protocol account for non-deterministic replication being
> forced or does it just Do The Right Thing when the replication channel
> is opened again? My apologies if this is a silly question.
>
>
>
No, it isn't a silly question, but I will say it again, this patch just
makes samba-tool work like using the Unix Attributes tab in ADUC, it
brings the msSFU30Max*idNumber attributes into use. I feel if it is a
problem with my patch, then it must be a problem with ADUC as well. As
for the FSMO roles, there isn't (as far as I know) an election, the FSMO
role owners have to be set.
Rowland
More information about the samba-technical
mailing list