[Samba] Upgrade old infrastructure running 4.3 (and 4.13)

Wed Sep 1 13:05:16 UTC 2021

On Wed, 2021-09-01 at 13:18 +0200, Lorenzo Milesi via samba wrote:
> Hi. 
> I've a hybrid installation with a master DC running Ubuntu 16.04's
> "stock" 4.3 Samba, and a second DC running 4.13. Currently FSMO roles
> are on the 4.3 as it was the first server, and I cannot transfer them
> to the 4.13 as there are schema differences [1].
> We're finally going to upgrade unmantained Ubuntu and Samba.
> From what I could understand by reading the upgrade guides I'm going
> to: 
> * upgrade the OS, which will take Samba to 4.7
> * run db check
> * install 4.14
> * run db check
> 
> Is this correct or should I take other steps?
> 
> Thanks
> 
> 
> [1] ERROR: Failed to add role 'domaindns': LDAP error 16
> LDAP_NO_SUCH_ATTRIBUTE -  <attribute 'fSMORoleOwner': no matching
> attribute value while deleting attribute on
> 'CN=Infrastructure,DC=DomainDnsZones,DC=contoso,DC=lan'> <>
> -- 
> Lorenzo Milesi - lorenzo.milesi at yetopen.com 
> CTO @ YetOpen Srl
> 
> YetOpen - https://www.yetopen.com/
> 
> Via Salerno 18 - 23900 Lecco - ITALY -      | 4801 Glenwood Avenue -
> Suite 200 - Raleigh, NC 27612 - USA -
> Tel +39 0341 220 205 - info.it at yetopen.com  | Phone +1 919-817-8106 -
> info.us at yetopen.com
> 
> Think green - Non stampare questa e-mail se non necessario / Don't
> print this email unless necessary
> 
> -------- D.Lgs. 196/2003 e GDPR 679/2016 --------
> Tutte le informazioni contenute in questo messaggio sono riservate ed
> a uso esclusivo del destinatario.
> Tutte le informazioni ivi contenute, compresi eventuali allegati,
> sono da ritenere confidenziali e riservate secondo i termini
> del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento
> europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione
> ulteriore non autorizzata.
> Nel caso in cui questo messaggio Le fosse pervenuto per errore, La
> invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a
> terzi e ad avvertirci non appena possibile.
> Grazie.
> 
> Confidentiality notice: this email message including any attachment
> is for the sole use of the intended recipient and may contain
> confidential and privileged information;
> pursuant to Legislative Decree 196/2003 and the European General Data
> Protection Regulation 679/2016 - GDPR - any unauthorized review, use,
> disclosure or distribution
> is prohibited. If you are not the intended recepient please delete
> this message without copying, printing or forwarding it to others,
> and alert us as soon as possible.
> Thank you.
> 

If the data on the second DC is correct:
Seize the FSMO roles to it.
Turn off the first DC.
Demote the first DC with:
samba-tool domain demote --remove-other-dead-server=FIRSTDC_NAME

Now start again adding new DC's

Never turn the old DC on again.

Rowland