samba - May 2014 - sanmba4 DC to DC sync: not all attributes are synced

Hi everyone,

I installed a second samba4 DC and join to the first samba4 DC,
following this link 
https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC,
I added two records to the internal DNS, and checked everything works as 
promising.
I did a ldbsearch on the two DCs, I found 5 attributes are not copied 
over to the second DC.
ldbsearch -H ldap://localhost/ -U administrator --password=myadminpass 
-b "CN=myid,CN=Users,DC=mydomain,DC=local"
Here are the 5 attributes not show up on the second DC:
badPasswordTime: 0
badPwdCount: 0
lastLogoff: 130444597380000000
lastLogon: 130444576520000000
logonCount: 0

Is this normal? what I think the ldap records should be the same on both 
AD DC after synced.


Thanks,
Allen

On Thu, 2014-05-29 at 10:20 -0400, Allen Chen wrote:
> Hi everyone,
> 
> I installed a second samba4 DC and join to the first samba4 DC,
> following this link 
> https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC,
> I added two records to the internal DNS, and checked everything works as 
> promising.
> I did a ldbsearch on the two DCs, I found 5 attributes are not copied 
> over to the second DC.
> ldbsearch -H ldap://localhost/ -U administrator --password=myadminpass 
> -b "CN=myid,CN=Users,DC=mydomain,DC=local"
> Here are the 5 attributes not show up on the second DC:
> badPasswordTime: 0
> badPwdCount: 0
> lastLogoff: 130444597380000000
> lastLogon: 130444576520000000
> logonCount: 0
> 
> Is this normal? what I think the ldap records should be the same on both 
> AD DC after synced.
Some attributes are marked as 'not replicated', and these are in that
list.  It is defined by the schema.  In this case it is to avoid a
replication storm created by the daily logon/logoff traffic. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba