[Samba] Sanity Check my upgrade: Samba AD Domain from 4.7.6 to 4.13.17 (Ubuntu 18.04 to 20.04)

Holan defactoman at gmail.com
Fri Sep 23 17:47:53 UTC 2022

I know a few of these have been posted and reading them has helped me craft
the update method I will use.  As my moment draws near I'm hoping someone
can let me know if I have the right idea on how to perform the update to
my domain.

I have two domain controllers running on Ubuntu 18.04 with Samba
4.7.6~dfsg. If anyone has any suggestions or common pitfalls they would
like to share I would be grateful as I'm hoping to make this smooth and
there are some smart people on this listserv.  Here is my plan.

The plan:  update two Samba AD DCs running on Ubuntu 18.04 to 20.04 using
BIND as a DNS backend.  Changing the version from 4.7.6 to 4.13.17.

The steps:
PRE-STEP 0) read all the patch notes from 4.7.6 to 4.13.17.  REQUEST:  If
anyone has any common areas of concern jumping from 4.7.6 to 4.13.17 I
would love to hear them.  I have domain members on Windows, Mac and Linux
(RHEL/Ubuntu) with a mix of Winbind and SSSD depending on the server owner's
preference on the Linux side.   I try to use Winbind whenever possible.   I
run BIND DNS as the backend on the DCs.

1) Run dbcheck on current 4.7.6 domain and ensure it is in good health.
2) Create a new server running on Ubuntu 20.04 (not using 22.04 to avoid
making the samba version jump too big - is my reasoning okay?).
3) Install Samba AD according to normal installation methods (get DNS
set up, etc.) and join it to the existing domain running on 4.7.6.
4) Verify the new domain controller is working and replicating okay.  Give
it 30 minutes to stabilize and ensure operation.
5) Transfer the FSMO role from the 4.7.6 DC that holds it to the new
4.13.17 DC I just set up.
6) Demote the 4.7.6 DC I just transferred the FSMO from.
7) Verify that the domain is still working.
8) Start replacement of the second 4.7.6 DC.  Create a new server running
on Ubuntu 20.04.
9) Install Samba AD the same way per my environment.
10) Join to the domain.
10) Verify it is functional and replicating
11) Demote the remaining 4.7.6 DC it is replacing.
12) re-verify everything is working, check replication, run dbcheck again,
and then drink a beer either way.

This should then leave me with two new Domain Controllers running 4.13.17.
Both 4.7.6 would be demoted and everything should be happy.

Does this sound correct?   Any suggestions are appreciated as I really
don't want to screw this up.  Thanks and I really appreciate everyone's
efforts on this listserv.  I've been using it as a resource for what feels
like a decade at this point.
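
A check for the "verify it is working and replicating" steps of the plan above, added here as an example and not part of the original post: it reads the text output of `samba-tool drs showrepl` and lists every replication link whose last attempt failed or whose failure counter is non-zero. The sample output, the realm samdom.example.com and the host names OLDDC1/NEWDC1 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# On a DC:  samba-tool drs showrepl | repl_failures
# Prints "SECTION NAMING-CONTEXT PEER FAILURES" per unhealthy link;
# empty output means every link reported success.
repl_failures() {
    awk '
        /^==== .* ====$/      { section = $2; next }   # INBOUND / OUTBOUND / KCC
        /^(DC|CN)=/           { nc = $0; next }        # naming context header
        /via RPC$/            { peer = $1; next }      # Site\DC of the partner
        /Last attempt @/      { ok = ($0 ~ /was successful/); next }
        /consecutive failure/ { if (!ok || $1 + 0 > 0) print section, nc, peer, $1 }
    '
}

# Constructed sample in the layout showrepl prints (hypothetical hosts/realm).
sample_showrepl() {
    cat <<'EOF'
Default-First-Site-Name\NEWDC1
DSA Options: 0x00000001

==== INBOUND NEIGHBORS ====

DC=samdom,DC=example,DC=com
    Default-First-Site-Name\OLDDC1 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ Fri Sep 23 17:40:01 2022 UTC was successful
        0 consecutive failure(s).
        Last success @ Fri Sep 23 17:40:01 2022 UTC

CN=Configuration,DC=samdom,DC=example,DC=com
    Default-First-Site-Name\OLDDC1 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ Fri Sep 23 17:41:12 2022 UTC failed, result 2 (WERR_FILE_NOT_FOUND)
        2 consecutive failure(s).
        Last success @ Fri Sep 23 16:02:44 2022 UTC
EOF
}

# Demo run on the constructed sample.
sample_showrepl | repl_failures
```

Running it on each DC before transferring FSMO roles or demoting an old DC shows whether any naming context is still failing to replicate.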

