[Samba] ad2003 schema while forest/domain at 2008R2 level
Rowland Penny
rpenny at samba.org
Wed Sep 28 16:01:19 UTC 2016
On Wed, 28 Sep 2016 17:37:32 +0200
Denis Cardon via samba <samba at lists.samba.org> wrote:
> Hi everyone,
>
> I came across this issue today while upgrading a samba4 AD. The
> forest/domain level is 2008R2, however the schema partition is
> actually missing the msDS-isRODC attribute (and probably a few
> others). It makes the ADUC console to failed on that entry below.
> Here is the samba log message (which is quite explicit :-)
>
> Sep 28 16:55:36 srvads samba[27900]: [2016/09/28 16:55:36.819666, 0]
> ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
> Sep 28 16:55:36 srvads samba[27900]: ldb: acl_read:
> CN=SRVADS,OU=Domain Controllers,DC=domain,DC=lan cannot find
> attr[msDS-isRODC] in of schema
>
> I don't know how I messed up the schema partition, and since I don't
> have any side effect but the ADUC failure message when clicking on
> the dc entry (everything else works fine), I think that error is
> lying there for quite some time. The domain was upgraded from a MSAD
> 2003 domain three or four years ago.
>
> So my question is : since my DC is already on 2008R2 domain/forest
> level, is there anyway I can force the schema upgrade to 2008R2
> independently of the samba-tool domain raise command line?
>
> Cheers,
>
> Denis
>
>
>
You could start by finding out just what schema version you actually
have, see here:
https://wiki.samba.org/index.php/AD_Schema_Version_Support
Rowland
More information about the samba
mailing list