Using -delete_groups with replicas that preserve identities and permissions
About this task
DevOps Code ClearCase® MultiSite customers who use identity-preserving and permissions-preserving replicas (created with mkreplica –preserve) must take several additional steps when they migrate those replicas’ hosts from Windows NT® domains to Active Directory.
Because the changes in SIDs made by vob_sidwalk are not propagated by
replication, you must run vob_sidwalk on each identity-preserving and
permissions-preserving replica in a replica family when the server that hosts the replica is
migrated to Active Directory. When run on such a replica, vob_sidwalk preserves
the original SIDs on the VOB’s group list, so that operations that require container creation
continue to succeed whether or not all such replicas in a family have been updated. After all such
members of a replica family are updated, the administrator must run vob_sidwalk
again, using the –delete_groups option to remove these historical group SIDs.
Remove historical SIDs, because a VOB has a limit of 32 groups on its group list. Keeping unused
historical SIDs on the list may cause the list to overflow as new groups are added.
Note: This
procedure assumes that you have migrated user and group accounts for all users of all replicas to
Active Directory and that all users have set their CLEARCASE_PRIMARY_GROUP environment variable to the
name of the DevOps Code ClearCase users group in the
Active Directory domain.