[Samba] Schema Update to store TPM data in AD DS
Andrew Bartlett
abartlet at samba.org
Fri Sep 7 18:35:38 UTC 2018
On Fri, 2018-09-07 at 18:14 +0200, Johannes Engel via samba wrote:
> Hi all,
>
> has anyone here experience with storing BitLocker and TPM data in AD DS on
> Samba?
> I have stumbled across this Microsoft page (
> https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/jj635854%28v%3dws.11%29)
> stating that Windows 2008 R2 needs a schema extension to handle this. Since
> this is not listed as a safe update in the wiki (
> https://wiki.samba.org/index.php/Samba_AD_schema_extensions), I would like
> to know if anybody has already tried this, since I do not have any
> experience with restoring a schema after a failed import. ;)
> Thanks a lot for your input.
We actually have a fully tested (just not widely deployed) upgrade tool
for schema, and a fully tested upgrade to the 2012 schema.
>From the testsuite:
$BINDIR/samba-tool domain schemaupgrade -H
tdb://$PREFIX_ABS/2008R2_schema/private/sam.ldb --schema=2012_R2
I hope this helps,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list