On a DM it is necessary to explicitly set the '-H' option, in the ldb* tools and in samba-tool, to a valid DC. [This can be extended considering, on a DC, the ability to point the -H option at the SAM database directly...] But a domain can have many DCs, and some of them may be currently unavailable (in maintenance, ...), and so scripts based on those tools can fail, while the domain effectively continues to work as expected. It would be useful to have in those tools some sort of ''round robin'' or ''fallback'' across DCs: e.g., the tools determine the list of DCs (a simple DNS query) and choose the ''best and available'' one. I hope I was clear. Thanks.
Hi Marco, have you tried '-H ldap://samdom.example.com', where 'samdom.example.com' is your DNS domain?
Yes, and this effectively does 'round robin', but not failover: if the DNS query returns a DC that is down, the script fails. One option would be to behave like this:

1) choose a DC, possibly in a 'smart way' (e.g., one in the local site)
2) check if it is alive
3) if not, return to 1)
4) connect to it.
In bash, I do:

    # Look up the AD site that the local subnet belongs to.
    SITE=$(${LDBSEARCH} -H ldap://${DC} -P -b "CN=Subnets,CN=Sites,CN=Configuration,DC=ad,DC=fvg,DC=lnf,DC=it" "(cn=${LOCALNET})" siteObject | grep '^siteObject: ' | cut -d ' ' -f 2)
    # The 'host' call does not always return ALL DCs, so we put the local DCs in twice, to be sure they get chosen.
    ${LDBSEARCH} -H ldap://${DC} -P -b "CN=SERVERS,${SITE}" "" dNSHostName | grep '^dNSHostName: ' | tee - | cut -d ' ' -f 2 >> "${TMPDC}"
    # Try the duplicated (local site) names first, then the rest; keep the first DC that answers.
    for dc in $(cat "${TMPDC}" | sort | uniq -d; cat "${TMPDC}" | sort | uniq -u); do
        ${LDBSEARCH} -H ldap://${dc} -P -s one "(*)" > /dev/null 2> /dev/null
        if [ $? -eq 0 ]; then
            DC="$dc"
            break
        fi
    done
    LDB_OPTS="-H ldap://${DC} -P"
    SAMBAT_OPTS="-H ldap://${DC} -P"
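The four steps listed above (choose, check, retry, connect) can also be driven from the DC locator SRV records in DNS. The following is an added example, not part of the original thread and not Samba code; the function names, the PROBE variable and the sample DNS answer are hypothetical or constructed, and the AD site name is assumed to be supplied by the caller.

```bash
# Hypothetical helpers (added example, not Samba tools).

# Turn `host -t SRV` output on stdin into hostnames, ordered by SRV
# priority (lowest first), then weight (highest first), then name.
srv_to_hosts() {
    awk '/ has SRV record / { sub(/\.$/, "", $NF); print $(NF-3), $(NF-2), $NF }' |
        sort -k1,1n -k2,2nr -k3,3 | awk '{ print $3 }'
}

# Default probe: TCP connect to the LDAP port, bounded to 3 seconds so a
# dead DC cannot stall the script. The host is passed as an argument,
# never spliced into the command string.
probe_ldap_port() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/389"' _ "$1" 2>/dev/null
}

# pick_dc PROBE HOST...: print the first host for which PROBE succeeds.
# Repeated names are probed once; exit status 1 means no DC answered.
pick_dc() (
    probe=$1; shift
    seen=" "
    for dc in "$@"; do
        case $seen in *" $dc "*) continue ;; esac
        seen="$seen$dc "
        if "$probe" "$dc"; then
            printf '%s\n' "$dc"
            exit 0
        fi
    done
    exit 1
)

# find_dc DOMAIN [SITE]: DCs of the given AD site first, then all DCs.
find_dc() (
    domain=$1 site=${2:-} hosts=
    if [ -n "$site" ]; then
        hosts=$(host -t SRV "_ldap._tcp.${site}._sites.dc._msdcs.${domain}" | srv_to_hosts)
    fi
    hosts="$hosts $(host -t SRV "_ldap._tcp.dc._msdcs.${domain}" | srv_to_hosts)"
    # Hostnames contain no whitespace, so word splitting is safe here.
    pick_dc "${PROBE:-probe_ldap_port}" $hosts
)

# Constructed sample of `host -t SRV` output for an offline check.
SAMPLE_SRV='_ldap._tcp.dc._msdcs.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
_ldap._tcp.dc._msdcs.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
_ldap._tcp.dc._msdcs.samdom.example.com has SRV record 10 100 389 dc3.samdom.example.com.'
```

An open port 389 only shows that the host accepts connections; setting PROBE to a function that runs the ldbsearch check from the script above tests the LDAP service itself.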