Paul Littlefield
2024-Mar-20 17:14 UTC
[Samba] Raise Domain Level, Forest Level and Schema for Bitlocker integration
On 18/03/2024 15:44, Paul Littlefield via samba wrote:> > I would like to add BitLocker integration to the three DCs we have running 4.15.13 on Ubuntu 22.04 LTS. > > The DC has been around a while and is currently on Schema version 47 and Domain level 2008_R2. > > Can I confirm that the procedure to upgrade the three DCs is as follows:- > > 1) backup > 2) upgrade domain and forest to latest 2012_R2 > 3) upgrade the schema to latest 2012_R2 > > Also, in what order of DCs should I perform these changes? > > DC5 (FSMO Role) > DC6 > DC7Did anyone have a comment on this please? -- Paul Littlefield
james.atwell365 at gmail.com
2024-Mar-20 18:25 UTC
[Samba] Raise Domain Level, Forest Level and Schema for Bitlocker integration
> -----Original Message----- > From: samba <samba-bounces at lists.samba.org> On Behalf Of Paul Littlefield > via samba > Sent: Wednesday, March 20, 2024 1:14 PM > To: samba at lists.samba.org > Subject: Re: [Samba] Raise Domain Level, Forest Level and Schema forBitlocker> integration > > On 18/03/2024 15:44, Paul Littlefield via samba wrote: > > > > I would like to add BitLocker integration to the three DCs we haverunning> 4.15.13 on Ubuntu 22.04 LTS. > > > > The DC has been around a while and is currently on Schema version 47 and > Domain level 2008_R2. > > > > Can I confirm that the procedure to upgrade the three DCs is asfollows:-> > > > 1) backup > > 2) upgrade domain and forest to latest 2012_R2 > > 3) upgrade the schema to latest 2012_R2 > > > > Also, in what order of DCs should I perform these changes? > > > > DC5 (FSMO Role) > > DC6 > > DC7 > > Did anyone have a comment on this please? > > -- > > Paul LittlefieldPaul,>From my experience I recommend you read the 4.19.0 release notes forinstructions on raising the domain and functional levels to 2012. It's what I used recently without issue. Basically, your steps are what you will do. If only one DC holds all the FSMO roles, I recommend you perform the upgrade on that server last. After the upgrade you may notice objects that can't be resolved to its SID. This appears to be related to Samba not fully supporting 2012 or 2016. Rowland confirmed this for me when I posed the question on the list.
Kees van Vloten
2024-Mar-20 18:40 UTC
[Samba] Raise Domain Level, Forest Level and Schema for Bitlocker integration
On 20-03-2024 18:14, Paul Littlefield via samba wrote:> On 18/03/2024 15:44, Paul Littlefield via samba wrote: >> >> I would like to add BitLocker integration to the three DCs we have >> running 4.15.13 on Ubuntu 22.04 LTS. >> >> The DC has been around a while and is currently on Schema version 47 >> and Domain level 2008_R2. >> >> Can I confirm that the procedure to upgrade the three DCs is as >> follows:- >> >> 1) backup >> 2) upgrade domain and forest to latest 2012_R2 >> 3) upgrade the schema to latest 2012_R2 >> >> Also, in what order of DCs should I perform these changes? >> >> DC5 (FSMO Role) >> DC6 >> DC7 > > Did anyone have a comment on this please? >You can use Bitlocker without raising the domain / forest level. I have implemented it according to the docs from Transquil IT: https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_bitlocker_ad.html It works for me. - Kees.
Joachim Lindenberg
2024-Mar-22 09:20 UTC
[Samba] Raise Domain Level, Forest Level and Schema for Bitlocker integration
Not sure what Bitlocker integration you are referring to. Saving bitlocker recovery keys does work for me with schema version 47. Regards, Joachim -----Urspr?ngliche Nachricht----- Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Paul Littlefield via samba Gesendet: Mittwoch, 20. M?rz 2024 18:14 An: samba at lists.samba.org Betreff: Re: [Samba] Raise Domain Level, Forest Level and Schema for Bitlocker integration On 18/03/2024 15:44, Paul Littlefield via samba wrote:> > I would like to add BitLocker integration to the three DCs we have running 4.15.13 on Ubuntu 22.04 LTS. > > The DC has been around a while and is currently on Schema version 47 and Domain level 2008_R2. > > Can I confirm that the procedure to upgrade the three DCs is as follows:- > > 1) backup > 2) upgrade domain and forest to latest 2012_R2 > 3) upgrade the schema to latest 2012_R2 > > Also, in what order of DCs should I perform these changes? > > DC5 (FSMO Role) > DC6 > DC7Did anyone have a comment on this please? -- Paul Littlefield -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Seemingly Similar Threads
- Raise Domain Level, Forest Level and Schema for Bitlocker integration
- Raise Domain Level, Forest Level and Schema for Bitlocker integration
- Raise Domain Level, Forest Level and Schema for Bitlocker integration
- Raise Domain Level, Forest Level and Schema for Bitlocker integration
- BitLocker integration with AD