On Thu, 2016-03-17 at 13:16 +0100, Stefan Metzmacher wrote:
> Hi Florian,
> > We have two DCs right now. (Server 2012 R2 and Server 2008 R2)
> >
> > We want to replace Windows with SAMBA over the next years. In the
> > first step we are going to replace the server 2012 R2 with SAMBA
> > because we still need the server 2008.
> >
> > But right now we have a small problem, because our AD schema is 69
> > and our last backup with schema 47 is over a year old.
>
> Why is that a problem? The forest and domain functional level should
> be still 2008R2.
>
> Can you get Samba 4.4.0rc5 (or the master branch from git)?
> You don't need to install it, just run ./configure.developer && make -j
>
> We have a command called "samba-tool drs clone-dc-database",
> which is similar to "samba-tool domain join DC". The difference
> is that it only tests the replication without creating an account
> for a new dc (and it requires the --targetdir option, which should point
> to a temporary location).
>
> Just call this like bin/samba-tool to get the one from the build
> environment.
>
> If "samba-tool drs clone-dc-database" runs without problems, you may not
> have a real problem with the schema difference. This makes it unlikely
> that the real "samba-tool domain join DC" will fail.
>
> You only need to be aware that the "SYSVOL" folder is not automatically
> replicated between windows and samba. And the GPO-GUI should only be used
> against the remaining windows server with manual syncing of the SYSVOL.
> You may also need to use "samba-tool ntacl sysvolreset" after the sync.

Be aware that being able to replicate to Samba doesn't mean you can
replicate from Samba. We may still have bugs with replicating back
objects written with the 2012R2 schema loaded, but it could be better
with 4.4rc5 than it has been in the past. (I've fixed some bugs in
this area, but I think there is still work to be done).

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba