[Samba] AD Schema Upgrade from 2003 to 2008_R2

Andrew Martin amartin at xes-inc.com
Wed Jul 14 12:04:17 UTC 2021


A long time ago, I ran "samba-tool domain level raise --domain-level=2008_R2" 
to raise the domain Functional Level of my Samba AD from 2003 to 2008_R2. At 
the time, I don't think the "samba-tool domain schemaupgrade" command existed, 
or at least it wasn't included in these instructions on how to raise the 
Functional Level:

Now I'm looking at raising the Schema Level and Functional Prep Level from 
2008_R2 to 2012_R2 (but not the Functional Level since I know 2012_R2 isn't 
supported yet) and following this step:

However, I am wondering if the schema changes from 2003 to 2008_R2 were never 
applied since that was a manual process of specifying adprep LDIFs (which I 
did not do when upgrading from 2003 to 2008_R2).

So related to this, I have the following questions:
* is there a way to easily check if the schema changes from 2003 to 2008_R2 
  were already successfully applied? My DC says that objectVersion is 47, but 
  I wonder if that attribute was just updated by raising the Functional Level 
  but the schema is not actually updated?

* should I run "samba-tool domain schemaupgrade --ldf-file=sch31.ldf" and 
  similar for sch31.ldf through sch47.ldf to ensure that my current 2008_R2 
  instance is actually up-to-date? Will this do any harm (e.g. is applying 
  these twice harmful or is it a problem when the domain thinks it is already 
  on Functional Level 2008_R2)? 

* am I correct in understanding that once on 2008_R2 I should run these 
  commands in this order to upgrade the schema from 2008_R2 to 2012_R2?
    samba-tool domain schemaupgrade --schema=2012_R2
    < restart samba-ad-dc >
    samba-tool domain functionalprep --function-level=2012_R2

* is there any harm in running the sch31.ldf through sch47.ldf files on a 
  domain that has already had the above commands run on it to upgrade to 
  2012_R2 (in other words, is it harmful to apply these LDIFs in the wrong 

Thanks for the guidance on how to successfully (and safely) do this.


More information about the samba mailing list