[Samba] AD Schema Upgrade from 2003 to 2008_R2
Andrew Martin
amartin at xes-inc.com
Wed Jul 14 12:04:17 UTC 2021
Hello,
A long time ago, I ran "samba-tool domain level raise --domain-level=2008_R2"
to raise the domain Functional Level of my Samba AD from 2003 to 2008_R2. At
the time, I don't think the "samba-tool domain schemaupgrade" command existed,
or at least it wasn't included in these instructions on how to raise the
Functional Level:
https://wiki.samba.org/index.php/Raising_the_Functional_Levels
Now I'm looking at raising the Schema Level and Functional Prep Level from
2008_R2 to 2012_R2 (but not the Functional Level since I know 2012_R2 isn't
supported yet) and following this step:
https://wiki.samba.org/index.php/AD_Schema_Version_Support#Live_Upgrade
However, I am wondering if the schema changes from 2003 to 2008_R2 were never
applied since that was a manual process of specifying adprep LDIFs (which I
did not do when upgrading from 2003 to 2008_R2).
So related to this, I have the following questions:
* is there a way to easily check if the schema changes from 2003 to 2008_R2
were already successfully applied? My DC says that objectVersion is 47, but
I wonder if that attribute was just updated by raising the Functional Level
but the schema is not actually updated?
* should I run "samba-tool domain schemaupgrade --ldf-file=sch31.ldf" and
similar for sch31.ldf through sch47.ldf to ensure that my current 2008_R2
instance is actually up-to-date? Will this do any harm (e.g. is applying
these twice harmful or is it a problem when the domain thinks it is already
on Functional Level 2008_R2)?
* am I correct in understanding that once on 2008_R2 I should run these
commands in this order to upgrade the schema from 2008_R2 to 2012_R2?
samba-tool domain schemaupgrade --schema=2012_R2
< restart samba-ad-dc >
samba-tool domain functionalprep --function-level=2012_R2
* is there any harm in running the sch31.ldf through sch47.ldf files on a
domain that has already had the above commands run on it to upgrade to
2012_R2 (in other words, is it harmful to apply these LDIFs in the wrong
order)?
Thanks for the guidance on how to successfully (and safely) do this.
Andrew
More information about the samba
mailing list