On 29/10/2022 15:18, Luis Peromarta via samba wrote:> Thanks Rowland. > > Yes I can manage backing up / restoring I?d map.lab > > Question is : supposed I have 3 different idmap.ldb in my DCs, is any of them any better ?They should all be very similar, the difference is that the xidNumber attributes are set on a first come basis, this means that a user or group gets the next xidNumber available and you cannot guarantee the order that they contact the DC, so 'Domain Users' (for instance) may have a different ID on each DC> > Would idmap.ldb from untouched DC3 be a better , more consistent one ?Doubtful, can I try and get across that idmap.ldb has nothing to do with your missing line, without the line, a DC will only use the xidNumber attributes in idmap.ldb This means that all the idmap.ldb files are viable, they are just likely to have different ID's for users & groups.> > Should I keep the untouched DC3 and re-join DC1 and DC2 ? Would that be a good idea ?Only if you like doing work that is pointless. Rowland
But the missing line *is* there on the smb.conf files in all DCs. Should I then sync idmap.ldb across all DCs, and if yes, which file , DC1, DC2 or the untouched DC3? Shall I transfer FSMO role to the DC that will provide the idmap.ldb file before backing up the file ? Nothing has been added to the AD since the rejoining process started a week ago. Also, I have plenty of backups from all DCs before the rejoining. Thanks Rowland, and apologies for my lack of knowledge of Samba internals. All the best. Sent from my iPhone> On 29 Oct 2022, at 15:31, Rowland Penny via samba <samba at lists.samba.org> wrote: > > Doubtful, can I try and get across that idmap.ldb has nothing to do with your missing line, without the line, a DC will only use the xidNumber attributes in idmap.ldb > This means that all the idmap.ldb files are viable, they are just likely to have different ID's for users & groups.