samba - Jan 2018 - What happend if I use option ? --domain-critical-only

What happend if I use " --domain-critical-only" in the domain join 
operation ?

For example:

samba-tool domain join dtcf.etecsa.cu DC -U "DTCF\administrator" 
--dns-backend=BIND9_DLZ -d 3 --domain-critical-only

I couldn't join normally a second DC because of an object replication 
error. So I tried with this option and it done!

But will both DC1 and DC2 work find ?

Hi Denis,
> What happend if I use " --domain-critical-only" in the domain
join
> operation ?
>
> For example:
>
> samba-tool domain join dtcf.etecsa.cu DC -U "DTCF\administrator"
> --dns-backend=BIND9_DLZ -d 3 --domain-critical-only
The --domain-critical-only option will replicate only the bare minimum 
to startup the new DC in the domain.

Then after the first startup, it will start to replicate all the other 
objects from the AD.
> I couldn't join normally a second DC because of an object replication
> error. So I tried with this option and it done!
>
> But will both DC1 and DC2 work find ?
Usually I advise to use --domain-critical-only because it will force to 
have almost all the objects will go through the standard replication 
procedure, which for some reasons seems to be stricter than initial join 
(at least up to 4.6, I haven't had such kind of discrepancies (yet) on 
4.7). It is better to see the problem as early as possible.

However after the first join, you have to check that the replication is 
working properly witch samba-tool drs showrepl, add a user on one side 
and check that it arrived on the other side.

Cheers,

Denis


-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr