Lessons learned first tutorial
- 1 Introduction
- 2 Useful scripts
- 3 Git grep
- 4 Windows command to add user accounts:
- 6 Searching a user description against a domain controller
- 6 Searching for a GUID
- 7 Repadmin
- 8 DSReplicaSync message
- 9 replPropertyMetaData
- 10 repsTo and repsFrom
- 11 @REPLCHANGED
- 12 replUpToDateVector
- 13 See Also
- 14 External Links
Introduction
This is a quick guide to the lessons learned during Tridge's first tutorial (10/14/2009). The meeting's video can be found here.
Useful scripts
There is a set of useful scripts for use during development in samba/source4/scripting/devel/drs/.
The "vars" file needs to be updated before these scripts can be used.
Git grep
git grep looks for specified patterns in the working tree files, blobs registered in the index file, or given tree objects.
e.g.: git grep replPropertyMetaData
Windows command to add user accounts:
C:\Users\Administrator>net user USERNAME PASSWORD /add
C:\Users\Administrator>net group "domain admins" USERNAME /add
Searching a user description against a domain controller
bin/ldbsearch -H ldap://w2k8 -Uadministrator%PASSWORD samaccountname=USERNAME description
ldap://w2k8: Windows domain controller
~/prefix/private/sam.ldb: local domain controller
Searching for a GUID
bin/ldbsearch -H ../../prefix/private/sam.ldb --controls search_options:1:2 objectguid=b2c204f0-b050-4d8f-90e2-70d51adc070b dn objectGUID
"--controls search_options:1:2" - the LDAP search covers the entire database, crossing partition boundaries
Repadmin
repadmin is the replication administration command; it has all sorts of useful operations for forcing Windows to perform particular replication steps.
The option that forces the knowledge consistency checker (KCC) to run is useful to kick Windows into looking for other domain controllers and adding them properly to the domain.
repadmin /syncall /A
Tells the Windows domain controller to immediately do a full replication with all other domain controllers for all partitions.
DSReplicaSync message
This is the mechanism one domain controller uses to notify another that the first one has changes the other should pull.
Replication happens as a pull operation: a domain controller sends a GetNCChanges request, which asks for all the changes the other domain controller has to be packaged up and sent back to the requesting domain controller.
replPropertyMetaData
Contains all the replication information for an object: for every replicated attribute of the object it records when the attribute was last changed, how many times it has changed, and who last changed it.
bin/ldbsearch -H ldap://w2k8 -Uadministrator%passL3N0V0 samaccountname=tridge replPropertyMetaData --show-binary
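As an added example (not from this page or from Samba's own code), the Python below decodes the binary blob that --show-binary prints for replPropertyMetaData, following the MS-ADTS PROPERTY_META_DATA_VECTOR_V1 layout, so the "when, how many times, and who" fields can be read per attribute. The attid-to-name table and the sample blob are constructed assumptions, not captured data.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Wire layout (MS-ADTS PROPERTY_META_DATA_VECTOR_V1, Samba's replPropertyMetaDataBlob):
#   header: version(u32) reserved(u32) count(u32) reserved(u32)                -> 16 bytes
#   entry : attid(u32) version(u32) change_time(NTTIME u64) invocation_id(GUID)
#           originating_usn(u64) local_usn(u64)                                -> 48 bytes
HEADER = struct.Struct("<IIII")
ENTRY = struct.Struct("<IIQ16sQQ")
NT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # NTTIME: 100ns ticks since here
# Assumed attid -> LDAP name table, only what the constructed sample needs.
ATTID_NAMES = {0x00000000: "objectClass", 0x0000000D: "description",
               0x000900DD: "sAMAccountName"}


def parse_repl_property_metadata(blob):
    """Decode a replPropertyMetaData blob into one record per replicated attribute."""
    if len(blob) < HEADER.size:
        raise ValueError("blob shorter than header")
    version, _, count, _ = HEADER.unpack_from(blob, 0)
    if version != 1:
        raise ValueError("unsupported replPropertyMetaData version %d" % version)
    if len(blob) != HEADER.size + count * ENTRY.size:
        raise ValueError("blob length does not match entry count")
    records = []
    for i in range(count):
        attid, ver, nttime, inv_id, orig_usn, local_usn = ENTRY.unpack_from(
            blob, HEADER.size + i * ENTRY.size)
        records.append({
            "attribute": ATTID_NAMES.get(attid, "attid-0x%08x" % attid),
            "version": ver,  # how many times the attribute has changed
            "changed": NT_EPOCH + timedelta(microseconds=nttime // 10),  # when
            "originating_invocation_id": str(uuid.UUID(bytes_le=inv_id)),  # which DC
            "originating_usn": orig_usn,
            "local_usn": local_usn,
        })
    return records


def build_sample_blob():
    """Constructed sample (not captured from a real DC): three attributes, one originating DC."""
    inv = uuid.UUID("11111111-2222-3333-4444-555555555555").bytes_le
    when = int((datetime(2009, 10, 14, tzinfo=timezone.utc) - NT_EPOCH).total_seconds())
    when *= 10_000_000  # seconds -> 100ns ticks
    entries = [(0x00000000, 1, when, inv, 4000, 4000),
               (0x000900DD, 1, when, inv, 4001, 4001),
               (0x0000000D, 3, when, inv, 4120, 4120)]
    return HEADER.pack(1, 0, len(entries), 0) + b"".join(ENTRY.pack(*e) for e in entries)
```

Feeding a real blob from ldbsearch output through parse_repl_property_metadata gives the same per-attribute records; the originating invocation id identifies the DC whose write is being replicated.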
repsTo and repsFrom
Used by a domain controller to replicate to/from another domain controller. The DSReplicaSync message uses repsTo.
bin/ldbsearch -H ldap://w2k8 -Uadministrator%passL3N0V0 -s base --show-binary repsFrom
@REPLCHANGED
Changes to the partitions are detected using the @REPLCHANGED record, which indicates that something has changed in the partition. Every time a change is made to a replPropertyMetaData attribute, the uSNHighest attribute in the @REPLCHANGED object for that partition is also increased.
bin/ldbsearch -H ../../prefix/private/users.ldb -b @REPLCHANGED -s base guid
Changes are detected using the @REPLCHANGED object. A DSReplicaSync message is then sent to the other domain controllers, which do a GetNCChanges that pulls the changed objects and updates their databases.
replUpToDateVector
This attribute, stored in each partition, gives information about all of the previous replications that have happened with each other domain controller surround
bin/ldbsearch -H ../../prefix/private/sam.ldb -s base replUpToDateVector --show-binary