[Samba] Howto test upgrades?

[Sketch]

On Tue, 19 Apr 2016, Klaus Hartnegg wrote:

> How are AD-DC admins supposed to test upgrades? If there is more than one 
> AD-DC, an upgraded DC which causes problems cannot (must not) be restored 
> from backup. This is one of the reasons why I do not want to switch to AD. A 
> PDC *can* simply be restored from backup. It is even enough to switch back to 
> the previous contents of /usr/local/samba, a matter of seconds.

Note that if you only have a single DC, you can restore from backup (or a 
previous copy of /usr/local/samba).  So if you only have a single PDC and 
no BDCs, you are in the same position.  It's only when you have multiple 
live DCs that it becomes a problem.

My method for upgrading has been to upgrade the primary DC that holds all 
of the FSMO roles first.  If there are no problems after a day or two, 
upgrade the rest.  If there are problems, transfer the roles to another DC 
and rebuild the former primary.  If you have your FSMO roles split between 
DCs, that would be a little more complicated, obviously.

I have yet to have any major problems that required a downgrade, though I 
generally stay on the older stable releases and don't rush to upgrade 
until all the problems on the mailing list seem to have been sorted out. 
I have had a few issues with leftover entries in the LDAP database I had 
to clean up manually, but that's about it.  I recall a samba dev on this 
list recently said newer versions are supposed to be better about not 
doing that, so there may be some advantages to using newer versions...

BTW, I seem to recall reading that either Windows Server 2016 or the next 
client version of windows will drop support for NT4 domains entirely, so 
it's only a matter of time before NT4 domains are no longer an option.