help="Print all available information (very verbose)")
parser.add_option("--resetfileacl", action="store_true",
help="Force a reset on filesystem acls in sysvol / netlogon share")
+parser.add_option("--nontaclfix", action="store_true",
+ help="In full upgrade mode do not try to upgrade sysvol / netlogon acls")
parser.add_option("--fixntacl", action="store_true",
help="Only fix NT ACLs in sysvol / netlogon share")
+parser.add_option("--db_backup_only", action="store_true",
+ help="Do the backup of the database in the provision, skip the sysvol / netlogon shares")
parser.add_option("--full", action="store_true",
help="Perform full upgrade of the samdb (schema, configuration, new objects, ...")
return 0
-def backup_provision(paths, dir):
+def backup_provision(paths, dir, only_db):
"""This function backup the provision files so that a rollback
is possible
:param paths: Paths to different objects
:param dir: Directory where to store the backup
+ :param only_db: Skip sysvol for users with big sysvol
"""
- if paths.sysvol:
+ if paths.sysvol and not only_db:
copytree_with_xattrs(paths.sysvol, os.path.join(dir, "sysvol"))
shutil.copy2(paths.samdb, dir)
shutil.copy2(paths.secrets, dir)
if __name__ == '__main__':
global defSDmodified
defSDmodified = False
+
+ if opts.nontaclfix and opts.fixntacl:
+ message(SIMPLE, "nontaclfix and fixntacl are mutally exclusive")
# From here start the big steps of the program
# 1) First get files paths
paths = get_paths(param, smbconf=smbconf)
ldbs = get_ldbs(paths, creds, session, lp)
backupdir = tempfile.mkdtemp(dir=paths.private_dir,
prefix="backupprovision")
- backup_provision(paths, backupdir)
+ backup_provision(paths, backupdir, opts.db_backup_only)
try:
ldbs.startTransactions()
update_provision_usn(ldbs.sam, minUSN, maxUSN, names.invocation)
if opts.full and (names.policyid is None or names.policyid_dc is None):
update_policyids(names, ldbs.sam)
- if opts.full or opts.resetfileacl or opts.fixntacl:
- try:
- update_gpo(paths, ldbs.sam, names, lp, message, 1)
- except ProvisioningError, e:
- message(ERROR, "The policy for domain controller is missing. "
- "You should restart upgradeprovision with --full")
- except IOError, e:
- message(ERROR, "Setting ACL not supported on your filesystem")
- else:
- try:
- update_gpo(paths, ldbs.sam, names, lp, message, 0)
- except ProvisioningError, e:
- message(ERROR, "The policy for domain controller is missing. "
- "You should restart upgradeprovision with --full")
+ if opts.nontaclfix:
+ if opts.full or opts.resetfileacl or opts.fixntacl:
+ try:
+ update_gpo(paths, ldbs.sam, names, lp, message, 1)
+ except ProvisioningError, e:
+ message(ERROR, "The policy for domain controller is missing. "
+ "You should restart upgradeprovision with --full")
+ except IOError, e:
+ message(ERROR, "Setting ACL not supported on your filesystem")
+ else:
+ try:
+ update_gpo(paths, ldbs.sam, names, lp, message, 0)
+ except ProvisioningError, e:
+ message(ERROR, "The policy for domain controller is missing. "
+ "You should restart upgradeprovision with --full")
if not opts.fixntacl:
ldbs.groupedCommit()
new_ldbs.groupedCommit()