Web lists-archives.com

Re: [Samba] Verifying idmap.ldb consistency across domain controllers

On 5/8/2018 9:07 AM, Rowland Penny via samba wrote:
On Tue, 8 May 2018 08:59:52 -0400
lingpanda101 via samba <samba@xxxxxxxxxxxxxxx> wrote:


      Is there a command or quick way to verify idmap.ldb is
consistent across domain controllers? Similar to using samba-tool to
compare two ldap databases? Thanks.

No, but if haven't synced idmap.ldb from the first DC to all other DCs,
then you can take it for granted they are not consistent ;-)


My concern is with human error and built in groups. I'm using RFC2307 on all DC's so all UID's and GID's for manually created user & groups I should be good. I'm pretty confident for all DC's I have added to the domain, I took the step to copy and replace idmap.ldb. If I search for one builtin user and group and verify XID's across domain controllers. Can I deduce I have in fact took care to copy and replace idmap.ldb from the 1st DC? What are some tell tell signs of idmap.ldb inconsistency? Thanks for any guidance.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba