lingpanda101
2018-May-08  12:59 UTC
[Samba] Verifying idmap.ldb consistency across domain controllers
Hello,

Is there a command or quick way to verify idmap.ldb is consistent across domain controllers? Similar to using samba-tool to compare two ldap databases? Thanks.

--
James
Rowland Penny
2018-May-08  13:07 UTC
[Samba] Verifying idmap.ldb consistency across domain controllers
On Tue, 8 May 2018 08:59:52 -0400 lingpanda101 via samba <samba at lists.samba.org> wrote:

> Hello,
>
> Is there a command or quick way to verify idmap.ldb is consistent across domain controllers? Similar to using samba-tool to compare two ldap databases? Thanks.

No, but if you haven't synced idmap.ldb from the first DC to all other DCs, then you can take it for granted they are not consistent ;-)

Rowland
lingpanda101
2018-May-08  13:23 UTC
[Samba] Verifying idmap.ldb consistency across domain controllers
On 5/8/2018 9:07 AM, Rowland Penny via samba wrote:

> On Tue, 8 May 2018 08:59:52 -0400 lingpanda101 via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> Is there a command or quick way to verify idmap.ldb is consistent across domain controllers? Similar to using samba-tool to compare two ldap databases? Thanks.
>
> No, but if you haven't synced idmap.ldb from the first DC to all other DCs, then you can take it for granted they are not consistent ;-)
>
> Rowland

My concern is with human error and built-in groups. I'm using RFC2307 on all DCs so all UIDs and GIDs for manually created users & groups I should be good. I'm pretty confident for all DCs I have added to the domain, I took the step to copy and replace idmap.ldb. If I search for one builtin user and group and verify XIDs across domain controllers, can I deduce I have in fact taken care to copy and replace idmap.ldb from the 1st DC? What are some telltale signs of idmap.ldb inconsistency? Thanks for any guidance.

--
James
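
Added example, not part of the thread and not Samba project code: one way to check every mapping instead of spot-checking a single builtin SID is to dump idmap.ldb to LDIF on each DC (for instance with ldbsearch) and diff the SID-to-xidNumber mappings offline. The record layout (`cn`, `type`, `xidNumber`, plus a `CN=CONFIG` allocator record) is an assumption about that dump, and the sample data below is constructed.

```python
import re

def parse_idmap_ldif(text):
    """Map SID -> (type, xidNumber) from LDIF text dumped from idmap.ldb."""
    records = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            attrs[key] = value.strip()
        sid = attrs.get("cn", "")
        # Skip CN=CONFIG (allocator state) and anything that is not a SID mapping.
        if sid.startswith("S-1-") and "xidNumber" in attrs:
            records[sid] = (attrs.get("type", "?"), int(attrs["xidNumber"]))
    return records

def _by_xid(records):
    """Invert SID -> (type, xid) into xid -> set of SIDs."""
    out = {}
    for sid, (_, xid) in records.items():
        out.setdefault(xid, set()).add(sid)
    return out

def compare_idmaps(ldif_a, ldif_b):
    """Report SIDs whose mapping differs and xids owned by different SIDs."""
    a, b = parse_idmap_ldif(ldif_a), parse_idmap_ldif(ldif_b)
    xa, xb = _by_xid(a), _by_xid(b)
    return {
        "mismatch": {s: (a[s], b[s]) for s in a.keys() & b.keys() if a[s] != b[s]},
        "only_a": sorted(a.keys() - b.keys()),
        "only_b": sorted(b.keys() - a.keys()),
        # Same number, different owner: file ownership resolves differently per DC.
        "xid_reused": sorted(x for x in xa.keys() & xb.keys() if xa[x] != xb[x]),
    }

def _record(sid, xid, kind="ID_TYPE_BOTH"):
    # Constructed sample record in the assumed LDIF layout.
    return f"dn: CN={sid}\ncn: {sid}\ntype: {kind}\nxidNumber: {xid}\n"

CONFIG = "dn: CN=CONFIG\ncn: CONFIG\nxidNumber: 3000003\n"
DC1 = "\n".join([CONFIG, _record("S-1-5-32-544", 3000000),
                 _record("S-1-5-32-545", 3000001), _record("S-1-5-18", 3000002)])
DC2 = "\n".join([_record("S-1-5-32-544", 3000000), _record("S-1-5-32-545", 3000002)])

if __name__ == "__main__":
    for name, value in compare_idmaps(DC1, DC2).items():
        print(name, value)
```

Any non-empty field in the result is a sign the DCs did not start from the same idmap.ldb or have allocated IDs independently since.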