[Samba] Schema Update to store TPM data in AD DS

Andrew Bartlett abartlet at samba.org
Fri Sep 7 18:35:38 UTC 2018

On Fri, 2018-09-07 at 18:14 +0200, Johannes Engel via samba wrote:
> Hi all,
> has anyone here experience with storing BitLocker and TPM data in AD DS on
> Samba?
> I have stumbled across this Microsoft page (
> https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/jj635854%28v%3dws.11%29)
> stating that Windows 2008 R2 needs a schema extension to handle this. Since
> this is not listed as a safe update in the wiki (
> https://wiki.samba.org/index.php/Samba_AD_schema_extensions), I would like
> to know if anybody has already tried this, since I do not have any
> experience with restoring a schema after a failed import. ;)
> Thanks a lot for your input.

We actually have a fully tested (just not widely deployed) upgrade tool
for schema, and a fully tested upgrade to the 2012 schema.

From the testsuite:

$BINDIR/samba-tool domain schemaupgrade -H tdb://$PREFIX_ABS/2008R2_schema/private/sam.ldb --schema=2012_R2

I hope this helps,

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
