Age | Commit message (Collapse) | Author | Files | Lines |
|
New feature that enables LDAPCmp users to find unmatched or
missing ACEs in objects for the three naming contexts between
DCs in one domain (default) or different domains. Comparing
security descriptors is not the default action but attribute
comparison. So to activate the new mode there is --sd switch.
However there are two view modes to the new --sd action which
are 'section' (default) or 'collision'. In 'section' mode you
can only find differences connected to missing or value
unmatched ACEs but not disorder unmatch if ACE values and count
are the same. All of the mentioned differences plus disorder
ACE unmatch you can observe under 'collision' view however
it is more verbose.
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
added --pas, --dest-dsa and --replica-flags options
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
|
|
|
|
If no arguments given, ldapcmp will compare all NCs
|
|
This will enable us to compare two LDBs or an LDB with running
AD server. Comparing LDB against running server
may come into handy when one wants to see if 'net vampire'
command does what it does the right way
|
|
Those options are processed but never shown with --help argument
|
|
And also set 'creds2' to be equal to 'creds' in case
username2 parameter is not supplied on cmd line
|
|
this calls the netlogon DsrUpdateReadOnlyServerDnsRecords call to add
DNS entries for a RODC via RPC calls. The call is routed via an IRPC
call to winbind, as winbind is the one with the schannel credential
chaining setup.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this enumerates all LSA privileges on a server
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this allows for command line access to getncchanges
it also provides a good example of calling DRSUAPI interfaces from
python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This patch changes the behavior of LDAPCmp in a single domain
scenario. No place-holders will be applied during comparison
so replication will be fully tested and even the slightest
difference will pop up.
There is a second smaller fix when we compare hosts in different
domains. This fix disables ${SERVERNAME} place-holder when there
are more than one server (domain controller) in the given domain.
|
|
This script will mostly be used by unit test (blackbox type) to test the
change of the dc password
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Recently I have found that after vampireing from a clean Windows
server we have the same DNS objects in the ldb. So ldapcmp has to
no longer ignore them.
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
|
|
|
|
|
|
- Added support for replicating hosts versus hosts in different domains
- Added switches for the following modes:
= two - ignores additional attributes that cannot be the same
in two different provisions (domains)
= quiet - display nothing, only return code
= verbose - display all dn objects through compare phase
= default - display only objects with differences
- Added more placeholders for nETBIOSDomainName and ServerName
|
|
I use this all the time, so I thought I'd put it in the tree for
others
|
|
remove IP from a previous vampire_ad.sh run
|
|
|
|
|
|
This allows you to run:
GDB="gdb --args" vampire_ad.sh
and also to add higher debug levels like this:
vampire_ad.sh -d100
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
this should be much more portable
|
|
Tridge, please check.
Guenther
|
|
|
|
|
|
By doing the unmount, we can avoid double-mounting st and bin
|
|
This rebuilds a DNS zone file, including all DCs from sam.ldb
|
|
This tool is integrated with Samba4 Ldb. It provides a useful output
where you can find easy differences in objects or attributes within
naming context (Domain, Configuration or Schema).
Added functionality for two sets of credentials.
|
|
this makes building and testing s4 as a developer much faster, if you
have enough memory!
|
|
|
|
This ensures we delete any nTDSConnection objects
|
|
This avoids having to do make install after each change when using the
drs devel scripts
|
|
These scripts, originally by tridge, allow developers to easily
reproduce the same domain join scenario time after time.
They need documentation, and the template named.conf and zone files
for hosting an AD domain are not provided. However, I hope to have
the provision script provide these shortly.
They assume a local 'bind' set up to read PREFIX/private/named.conf
(as per the provision instructions).
Ensure you edit the 'vars' file to match your local setup.
Andrew Bartlett
|