[Samba] Samba 4 schema upgrade.

Rowland Penny rowlandpenny241155 at gmail.com
Thu Aug 13 13:39:36 UTC 2015

On 13/08/15 13:41, Christophe Borivant wrote:
> Hello,
> We achieved our Domain Migration from Windows 2003 R2 server to Samba 4.2.3 (sernet binaries).
> Now Samba 4 is the only domain controller.
> When we use ADUC and click on Domain Controllers we have an error.
> At the same time if we have a look at de syslog messages on the server, we can see "ldb: acl_read: CN=SERVER,OU=Domain Controllers,DC=DOMAIN,DC=com cannot find attr[msDS-isRODC] in of schema".
> The domain has been migrated from Windows 2003 R2 so the AD schema revision is 31.
> However msDS-isRODC has been introduced in AD schema revision 33.
> When provisioning a new domain with samba 4.2.3, the AD schema revision is 47.
> Using .ldf files provided on the windows 2008 R2 install CD ( in support/adprep ), do you think it would be safe to try to upgrade the schema to revision 47 ?
> Christophe Borivant

Not sure, but samba ships the .ldifs it uses, you can find them in 

I would try it first on a clone of your DC running in a VM, extending 
the schema works, you just need to have the correct ldif's, see the 
samba wiki for instructions.
You will also probably have to run 'samba-tool domain level raise 


More information about the samba mailing list