From f52831bae5ddb40ad066cd8b9371fa40ad94f2cd Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 3 Sep 2016 21:58:47 +1200
Subject: [PATCH 1/2] dsdb/repl: Reduce noice during replication of Windows
 2012 R2 schema by ignoring more attributes

We do not need to know about the attributes that are permitted in a
class, nor the permitted parent or subClass values to convert the
objects from DRS, as we never enforce schema restrictions on DRS
replicated objects.

This will not change how we eventually succeed or fail, because we
have to convert the object in the end, but this means less looping
while we do that.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/dsdb/repl/replicated_objects.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c
index 46b0b66..b212064 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -122,8 +122,11 @@ WERROR dsdb_repl_resolve_working_schema(struct ldb_context *ldb,
 	int ret, pass_no;
 	uint32_t ignore_attids[] = {
 			DRSUAPI_ATTID_auxiliaryClass,
+			DRSUAPI_ATTID_systemAuxiliaryClass,
 			DRSUAPI_ATTID_mayContain,
+			DRSUAPI_ATTID_systemMayContain,
 			DRSUAPI_ATTID_mustContain,
+			DRSUAPI_ATTID_systemMustContain,
 			DRSUAPI_ATTID_possSuperiors,
 			DRSUAPI_ATTID_systemPossSuperiors,
 			DRSUAPI_ATTID_INVALID
-- 
2.7.4


From b0a22e870e27ef63f22577ec34ace5353c0c9f35 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 4 Sep 2016 08:30:16 +1200
Subject: [PATCH 2/2] repl: When replicating the schema, replicate the whole
 schema at once

This is critical for the operation of
dsdb_repl_resolve_working_schema(), because otherwise we may not get
an attribute before we try to convert a class containing it and store
it in the database.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/dsdb/repl/drepl_out_helpers.c | 41 ++++++++++++++++++++++++++++-------
 1 file changed, 33 insertions(+), 8 deletions(-)

diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
index ac0b947..c76e537 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -440,6 +440,11 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
 	struct drsuapi_DsReplicaHighWaterMark highwatermark;
 	struct ldb_dn *schema_dn = ldb_get_schema_basedn(service->samdb);
 	struct drsuapi_DsReplicaOIDMapping_Ctr *mappings = NULL;
+	bool for_schema = false;
+
+	if (ldb_dn_compare_base(schema_dn, partition->dn) == 0) {
+		for_schema = true;
+	}
 
 	r = talloc(state, struct drsuapi_DsGetNCChanges);
 	if (tevent_req_nomem(r, req)) {
@@ -499,10 +504,6 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
 		}
 		replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
 	} else if (partition->rodc_replica) {
-		bool for_schema = false;
-		if (ldb_dn_compare_base(schema_dn, partition->dn) == 0) {
-			for_schema = true;
-		}
 		status = dreplsrv_get_rodc_partial_attribute_set(service, r,
 								 &pas,
 								 &mappings,
@@ -549,8 +550,20 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
 		r->in.req->req8.highwatermark		= highwatermark;
 		r->in.req->req8.uptodateness_vector	= uptodateness_vector;
 		r->in.req->req8.replica_flags		= replica_flags;
-		r->in.req->req8.max_object_count	= 133;
-		r->in.req->req8.max_ndr_size		= 1336811;
+
+		/*
+		 * If we are replicating schema, we need to try and
+		 * get the whole partition in one hit, as
+		 * dsdb_repl_resolve_working_schema() relies on
+		 * this.
+		 */
+		if (for_schema) {
+			r->in.req->req8.max_object_count	= 20000;
+			r->in.req->req8.max_ndr_size		= 0x400000;
+		} else {
+			r->in.req->req8.max_object_count	= 133;
+			r->in.req->req8.max_ndr_size		= 1336811;
+		}
 		r->in.req->req8.extended_op		= state->op->extended_op;
 		r->in.req->req8.fsmo_info		= state->op->fsmo_info;
 		r->in.req->req8.partial_attribute_set	= pas;
@@ -565,8 +578,20 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
 		r->in.req->req5.highwatermark		= highwatermark;
 		r->in.req->req5.uptodateness_vector	= uptodateness_vector;
 		r->in.req->req5.replica_flags		= replica_flags;
-		r->in.req->req5.max_object_count	= 133;
-		r->in.req->req5.max_ndr_size		= 1336770;
+
+		/*
+		 * If we are replicating schema, we need to try and
+		 * get the whole partition in one hit, as
+		 * dsdb_repl_resolve_working_schema() relies on
+		 * this.
+		 */
+		if (for_schema) {
+			r->in.req->req5.max_object_count	= 20000;
+			r->in.req->req5.max_ndr_size		= 0x400000;
+		} else {
+			r->in.req->req5.max_object_count	= 133;
+			r->in.req->req5.max_ndr_size		= 1336811;
+		}
 		r->in.req->req5.extended_op		= state->op->extended_op;
 		r->in.req->req5.fsmo_info		= state->op->fsmo_info;
 	}
-- 
2.7.4