Using -delete_groups with replicas that preserve identities and permissions
About this task
DevOps Code ClearCase® MultiSite customers who use identity-preserving and permissions-preserving replicas (created with mkreplica –preserve) must take several additional steps when they migrate those replicas’ hosts from Windows NT domains to Active Directory.
Because the changes in SIDs made by vob_sidwalk are not propagated by
replication, you must run vob_sidwalk on each identity-preserving and
permissions-preserving replica in a replica family when the server that hosts the replica is
migrated to Active Directory. When run on such a replica, vob_sidwalk preserves
the original SIDs on the VOB’s group list, so that operations that require container creation
continue to succeed whether or not all such replicas in a family have been updated. After all such
members of a replica family are updated, the administrator must run vob_sidwalk
again, using the –delete_groups option to remove these historical group SIDs.
Remove historical SIDs, because a VOB has a limit of 32 groups on its group list. Keeping unused
historical SIDs on the list may cause the list to overflow as new groups are added.
Note: This
procedure assumes that you have migrated user and group accounts for all users of all replicas to
Active Directory and that all users have set their CLEARCASE_PRIMARY_GROUP environment variable to the
name of the DevOps Code ClearCase users group in the
Active Directory domain.