netcmd: Avoid conflicting SIDs when creating an offline backup
commit 739d7e54e78046dc77385b882fbba38ab5e7bd60
author Joseph Sutton <josephsutton@catalyst.net.nz>
Wed, 2 Jun 2021 05:00:33 +0000 (2 17:00 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 11 Jun 2021 07:41:38 +0000 (11 07:41 +0000)
tree 628e4a838ca53dc56a32f03590eeebe9ebeb9bda
parent 2a3b82ae2373c39a0a113d75a27a196b5233fe32
netcmd: Avoid conflicting SIDs when creating an offline backup

To allow the new DC object to be created in a restored domain while
avoiding conflicts with existing SIDs, we fetch a SID that is available
at the time of backing up and store it in the backed-up database.
However, if a new security principal is created on this DC during the
backup process, the stored SID may be reused for that object, resulting
in an error on restoration.

By getting the SID for restore only after all the database files have
been backed up, we ensure that the chosen SID does not conflict with any
objects in the backed-up database.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
python/samba/netcmd/domain_backup.py
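
The ordering problem described in the commit message, as an added toy model that is not Samba code and not part of this commit: `ToyDC`, `offline_backup`, `restore_conflicts`, the sample domain SID and the starting RID are all hypothetical names and values constructed for illustration. It assumes SIDs are handed out sequentially and that reading the next free SID does not reserve it.

```python
# Toy model (not Samba code): a DC that hands out RIDs sequentially.
DOMAIN_SID = "S-1-5-21-1-2-3"  # constructed sample domain SID


class ToyDC:
    def __init__(self):
        self.next_rid = 1103   # constructed starting RID
        self.objects = {}      # SID -> object name

    def peek_free_sid(self):
        # Reads the next unused SID without reserving it.
        return f"{DOMAIN_SID}-{self.next_rid}"

    def create_principal(self, name):
        sid = self.peek_free_sid()
        self.objects[sid] = name
        self.next_rid += 1
        return sid


def offline_backup(dc, sid_after_copy, during_backup=None):
    """Return (copied objects, SID stored for the restored DC object)."""
    stored_sid = None if sid_after_copy else dc.peek_free_sid()
    if during_backup:
        during_backup(dc)       # activity on the DC before the copy completes
    copied = dict(dc.objects)   # stands in for copying the database files
    if sid_after_copy:
        stored_sid = dc.peek_free_sid()
    return copied, stored_sid


def restore_conflicts(copied, stored_sid):
    # Restoration fails if the SID kept for the new DC object is already used.
    return stored_sid in copied


def run(sid_after_copy):
    dc = ToyDC()
    dc.create_principal("alice")
    copied, sid = offline_backup(
        dc, sid_after_copy,
        during_backup=lambda d: d.create_principal("bob"))
    return restore_conflicts(copied, sid)


if __name__ == "__main__":
    print("SID chosen before copy conflicts:", run(False))
    print("SID chosen after copy conflicts: ", run(True))
```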