samba - Dec 2024 - preparing for a new site with an extra domain controller

Am 10.12.24 um 15:10 schrieb Luis Peromarta via samba:
> No issue, sync will continue next time network is up.
great

As I prepare that I also hit the fact that I should switch from 
one-directional sysvol-sync to bi/multidirectional sync via unison or osync.

That means I have to switch over the existing syncing also, right now we 
do the basic rsync-syncing. I will do that first, after backups and rtfm.

Am 12.12.24 um 10:48 schrieb Stefan G. Weichinger via
samba:
> Am 10.12.24 um 15:10 schrieb Luis Peromarta via samba:
>> No issue, sync will continue next time network is up.
> 
> great
> 
> As I prepare that I also hit the fact that I should switch from one- 
> directional sysvol-sync to bi/multidirectional sync via unison or osync.
> 
> That means I have to switch over the existing syncing also, right now we 
> do the basic rsync-syncing. I will do that first, after backups and rtfm.
switched over to unison, looks good

Now I prepare joining the third DC. That will happen after sending the 
appliance to the new site, to have the correct IPs and routing etc in place.

(AFAIK changing IPs after joining is bad, so I will only start the 
joining when it's in the correct place)

-

I read howtos like: 
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

I have joined Samba DCs in the past, so I think I got that part right, 
but let me quote something that is written a bit misleading.

Keep in mind that I am not a native speaker, my first language is german.

In the section "Built-in User & Group ID Mappings" there's
that red
block telling me:

"You need to sync idmap.ldb when you first join a new DC and then 
regularly, to ensure the IDs remain constant, you do not need to sync 
idmap.ldb every time you sync SysVol but as stated in the mailing list 
it should be done periodically."

So what?

1) sync it at first
2) do not sync it every time with sysvol
3) sync it periodically

I don't do 3) for years in two sites ... and afaik it didn't hurt

How often is "periodically" ? daily/weekly/monthly ?

Why not provide an example or add that to the "SysVol replication" 
cron-jobs (or as similar instructions) as well, if it's necessary?

to me it's a bit unclear and could be easily missed (as mentioned I 
don't do it so far)

thoughts? explanation?

just my 2 cents, maybe the docs could be improved here. thanks all!