On Wed, 13 Sep 2023 13:13:24 +0000 bd730c5053df9efb via samba <samba at lists.samba.org> wrote:
> Hi!
>
> I'm going to piggyback on this answer and ask something that I've
> been wondering. Is the idmap.ldb sync mentioned in the linked page a
> one time thing before you replicate the sysvol or is it something you
> should do periodically? If so, how often?
>
> Thanks in advance!
> Best regards,
> Dave.

It needs to be done initially and then on a regular basis, though it shouldn't be needed every time.

Rowland

On 2023-09-13 6:49 a.m., Rowland Penny via samba wrote:
> On Wed, 13 Sep 2023 13:13:24 +0000
> bd730c5053df9efb via samba <samba at lists.samba.org> wrote:
>
>> I'm going to piggyback on this answer and ask something that I've
>> been wondering. Is the idmap.ldb sync mentioned in the linked page a
>> one time thing before you replicate the sysvol or is it something you
>> should do periodically? If so, how often?
>>
>
> It needs to be done initially and then on a regular basis, though it
> shouldn't be needed every time.

I also have some questions about this.

Firstly: In my current process for Samba AD domain deployments, when joining a machine to the domain, I copy the idmap.ldb from the DC holding the FSMO PDC_Emulator_Role to each machine joining the domain *exactly once*: at the time of the initial join. Should I *also* create a periodic process that resyncs idmap.ldb from PDC_Emulator to domain-member servers (and to DCs that do not hold FSMO roles) on a regular basis?

Secondly: If yes to my first question: How often should idmap.ldb be synced to member servers? What is a reasonable time period? Or is there some other event that should trigger a sync of idmap.ldb to domain members?

And finally: What is meant by "it shouldn't be needed every time"? Are there instances where a domain-join does not require syncing idmap.ldb to the joining machine?

Thank you for your time.

-S.M.

Thank you very much for your reply!

I have a follow-up question: is it necessary to execute the command "samba-tool ntacl sysvolreset" every time you sync idmap.ldb?

Would you care for me to update the wiki with these instructions?

Thanks in advance!
Best regards,
Dave.

------- Original Message -------
On Wednesday, September 13th, 2023 at 10:49, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Wed, 13 Sep 2023 13:13:24 +0000
> bd730c5053df9efb via samba samba at lists.samba.org wrote:
>
> > Hi!
> >
> > I'm going to piggyback on this answer and ask something that I've
> > been wondering. Is the idmap.ldb sync mentioned in the linked page a
> > one time thing before you replicate the sysvol or is it something you
> > should do periodically? If so, how often?
> >
> > Thanks in advance!
> > Best regards,
> > Dave.
>
> It needs to be done initially and then on a regular basis, though it
> shouldn't be needed every time.
>
> Rowland