From Fedora Project Wiki

Description

This test case verifies that adcli info works even when the domain topology is complex.

Setup

  1. Setting up the requirements for this test is somewhat complex.
  2. It is necessary to have complete domain DNS resolution working for this test.
  3. Make sure to complete the prerequisites before starting this test.
  4. Test general adcli info functionality before doing this test.
  5. The domain must have multiple sites with one domain controller in each site. You must be able to modify the domain DNS configuration.
  6. The domain controller for the local site should be writable (the default).

How to test

  1. Run adcli to get the local computer-site:
    $ adcli info domain.example.com | grep computer-site
  2. Use the Active Directory Sites and Services tool on Windows Server to identify which is the domain controller that handles the local site.
  3. Use the Active Directory DNS on Windows server to remove the _ldap._tcp.domain.example.com record for the domain controller that covers the local site. There should be one or more other records for other domain controllers.
  4. Verify that the SRV record change has taken effect:
    $ host -t SRV _ldap._tcp.domain.example.com
    The domain controller for the local site should not be listed. There should be a at least one other domain controller listed.
  5. Run adcli to get domain info
    adcli info domain.example.com

Expected Results

The output should have the right domain-controller listed for the local site, even though it is missing from the SRV record.

The output domain-controller-site and computer-site should match.

The output should say domain-controller-usable = yes.



Troubleshooting

  • Use the --verbose argument to provide output when troubleshooting or reporting bugs.
  • If you have a caching nameserver between you and Active Directory you may need to restart it or wait until its caches timeout. Alternatively place the Active Directory DNS server directly in /etc/resolv.conf