[Samba] Samba 4.11.0RC1 replication with Windows2012R2 ?

[Tim Beale]

On 31/07/19 2:33 AM, Luc Lalonde wrote:
>
> Here's my understanding of the workflow:
>
>  1. Upgrade Samba DC's to version 4.11.x
>  2. Promote domain to schema 69
>  3. Transfer FSMO roles to Windows 2008R2 Server
>  4. Join Windows 2012R2 Server to domain
>  5. Delete Windows 2008R2 Server
>
As you've already got a Windows 2008R2 DC in your network, when you join
the 2012R2 DC it should automatically upgrade the schema. So this is
probably the most reliable/easiest way for your setup:

1. Upgrade Samba DC's to version 4.11.x
2. Transfer FSMO roles to Windows 2008R2 Server
3. Join Windows 2012R2 Server to domain (this should automatically
promote domain to schema 69).
4. Delete Windows 2008R2 Server

You could in theory use samba to upgrade the schema instead, which would
avoid the need for the FSMO role transfers. However, given you've got 2
different Windows versions here, I think it's best here to let Windows
sort out the interoperability. For reference, using Samba to do the
schema upgrade would look like:

1. Upgrade Samba DC's to version 4.11.x
2. Promote domain to schema 69 (using samba-tool domain schemaupgrade)
3. Join Windows 2012R2 Server to domain.

However, this approach would be more useful for users that didn't
already have a Windows 2008R2 DC in their network.

> When I join the Windows 2012R2 Server to the domain, how do I make
> sure that it doesn't try to upgrade the functional level to 2012R2?
>
You have to manually raise the functional level. This shouldn't
accidentally happen.
https://support.microsoft.com/en-nz/help/322692/how-to-raise-active-directory-domain-and-forest-functional-levels

> Do you know if 2012R2 functional level is planned for Samba 4.12.x ?
>
Sadly, no. Unfortunately this is a significant undertaking (it requires
a lot of Heimdal/FAST/Claims support work). Right now, we'd need some
more funding to make this happen.