[PATCH] Windows 2012 base schema support
Tim Beale
timbeale at catalyst.net.nz
Tue Oct 17 19:51:54 UTC 2017
Hi,
Garming has done some work on getting the Windows 2012 schema working in
Samba. I've tidied up the first set of patches, which add support for
the 2012 base schema files.
The patch file is ~3Mb, so I haven't attached it. You can view the
changes here:
http://git.catalyst.net.nz/gw?p=samba.git;a=shortlog;h=refs/heads/tim-2012-schema
Note that these changes do not include 2012 functional-level support.
Garming has got this going, and got a Windows 2012 DC joining
successfully, but the changes still require more work to clean-up. (Let
us know if you want to help out with this work).
The current set of patches just add the initial framework so that we can
develop 2012 schema support further. Specifically, they:
- Add the 2012 schema files.
- Add the Windows adprep files used to migrate from 2008R2 to 2012R2.
- Add an option to 'samba-tool domain provison' to choose what
base-schema you use (i.e. 2008R2 or 2012R2).
- Add a 'samba-tool domain schemaupgrade' command to apply schema
updates, i.e. upgrade a 2008R2 schema to a 2012R2 schema.
- Add a test that provisions a 2008 schema, then upgrades it to a 2012
schema, and checks that it matches a clean 2012 provision.
- Fix up some existing problems noticed in the current Samba 2008R2 schema.
This work highlights some issues. If we don't get the schema right
initially, it gets very awkward. E.g. the patch-set adds some changes
missing from the 2008R2 schema that Samba uses. But because there is no
change in the schema objectVersion, it's hard to tell whether a "2008R2"
Samba instance has these latest schema additions or not.
Another issue (highlighted in the new test) is that the 2008R2 schema
that Samba currently uses is missing a bunch of descriptions compared to
the latest 2008R2/2012R2 schemas published by Microsoft. So upgrading a
2008R2 Samba schema to 2012R2 is not the same as a fresh 2012R2
provision, due to these differences in description/etc (The question is
whether or not we care about this difference).
Cheers,
Tim
More information about the samba-technical
mailing list