self.assertFalse(not_delegated)
samdb = self.get_samdb()
- rodc_samdb = self.get_rodc_samdb()
-
- rodc_dn = self.get_server_dn(rodc_samdb)
user_name = self.get_new_username()
if name_prefix is not None:
# Handle secret replication to the RODC.
if allowed_replication or revealed_to_rodc:
+ rodc_samdb = self.get_rodc_samdb()
+ rodc_dn = self.get_server_dn(rodc_samdb)
+
# Allow replicating this account's secrets if requested, or allow
# it only temporarily if we're about to replicate them.
allowed_cleanup = self.add_to_group(
revealed=revealed_to_rodc)
if denied_replication:
+ rodc_samdb = self.get_rodc_samdb()
+ rodc_dn = self.get_server_dn(rodc_samdb)
+
# Deny replicating this account's secrets to the RODC.
self.add_to_group(dn, rodc_dn, 'msDS-NeverRevealGroup')