> On 26. Oct 2023, at 17.49, Rowland Penny via samba <samba at lists.samba.org> wrote: > > On Thu, 26 Oct 2023 17:02:34 +0300 > Perttu Aaltonen via samba <samba at lists.samba.org> wrote: > >> Quick question. Can the LDB tools that modify the database files >> directly be used without stopping Samba DC? Specifically ldbmodify? > > No problem, also you can use the machine password '-P' for most searches > >> >> What about when there are more than one DC? Anything to take into >> account or best practices? > > The better question would be, 'What if there are multiple sysadmins ?', > you should always have more than one DC. > > With multiple sysadmins, you could get 'collisions', especially if they > try to change the same object on different DCs, so best practice would > be to always do any changes on one DC (Usually the one holding the > PDC_Emulator FSMO role). > > Rowland >Thanks Rowland. Now to write a ldbmodify script... -Perttu
Op 27-10-2023 om 10:32 schreef Perttu Aaltonen via samba:>> On 26. Oct 2023, at 17.49, Rowland Penny via samba <samba at lists.samba.org> wrote: >> >> On Thu, 26 Oct 2023 17:02:34 +0300 >> Perttu Aaltonen via samba <samba at lists.samba.org> wrote: >> >>> Quick question. Can the LDB tools that modify the database files >>> directly be used without stopping Samba DC? Specifically ldbmodify? >> No problem, also you can use the machine password '-P' for most searches >> >>> What about when there are more than one DC? Anything to take into >>> account or best practices? >> The better question would be, 'What if there are multiple sysadmins ?', >> you should always have more than one DC. >> >> With multiple sysadmins, you could get 'collisions', especially if they >> try to change the same object on different DCs, so best practice would >> be to always do any changes on one DC (Usually the one holding the >> PDC_Emulator FSMO role). >> >> Rowland >> > Thanks Rowland. Now to write a ldbmodify script...Probably something like this: cat << EOF > ldbmod dn: <DN TO CHANGE> changetype: modify replace: <ATTR TO CHANGE> <ATTR TO CHANGE>: <NEW VALUE FOR THE ATTR> EOF ldbmodify -H /var/lib/samba/private/sam.ldb ldbmod - Kees.> > -Perttu