Denis Cardon
2016-Sep-28 15:37 UTC
[Samba] ad2003 schema while forest/domain at 2008R2 level
Hi everyone,

I came across this issue today while upgrading a samba4 AD. The forest/domain level is 2008R2, however the schema partition is actually missing the msDS-isRODC attribute (and probably a few others). It makes the ADUC console fail on that entry below. Here is the samba log message (which is quite explicit :-)

Sep 28 16:55:36 srvads samba[27900]: [2016/09/28 16:55:36.819666, 0] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
Sep 28 16:55:36 srvads samba[27900]: ldb: acl_read: CN=SRVADS,OU=Domain Controllers,DC=domain,DC=lan cannot find attr[msDS-isRODC] in of schema

I don't know how I messed up the schema partition, and since I don't have any side effect but the ADUC failure message when clicking on the dc entry (everything else works fine), I think that error has been lying there for quite some time. The domain was upgraded from an MSAD 2003 domain three or four years ago.

So my question is: since my DC is already on 2008R2 domain/forest level, is there any way I can force the schema upgrade to 2008R2 independently of the samba-tool domain raise command line?

Cheers,

Denis

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
Rowland Penny
2016-Sep-28 16:01 UTC
[Samba] ad2003 schema while forest/domain at 2008R2 level
On Wed, 28 Sep 2016 17:37:32 +0200
Denis Cardon via samba <samba at lists.samba.org> wrote:

> Hi everyone,
>
> I came across this issue today while upgrading a samba4 AD. The
> forest/domain level is 2008R2, however the schema partition is
> actually missing the msDS-isRODC attribute (and probably a few
> others). It makes the ADUC console to failed on that entry below.
> Here is the samba log message (which is quite explicit :-)
>
> Sep 28 16:55:36 srvads samba[27900]: [2016/09/28 16:55:36.819666, 0]
> ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
> Sep 28 16:55:36 srvads samba[27900]: ldb: acl_read:
> CN=SRVADS,OU=Domain Controllers,DC=domain,DC=lan cannot find
> attr[msDS-isRODC] in of schema
>
> I don't know how I messed up the schema partition, and since I don't
> have any side effect but the ADUC failure message when clicking on
> the dc entry (everything else works fine), I think that error is
> lying there for quite some time. The domain was upgraded from a MSAD
> 2003 domain three or four years ago.
>
> So my question is : since my DC is already on 2008R2 domain/forest
> level, is there anyway I can force the schema upgrade to 2008R2
> independently of the samba-tool domain raise command line?
>
> Cheers,
>
> Denis

You could start by finding out just what schema version you actually have, see here:

https://wiki.samba.org/index.php/AD_Schema_Version_Support

Rowland
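One way to do the check suggested above, as an added example that is not part of the original thread: read objectVersion from the schema naming context and msDS-Behavior-Version from the domain head, then flag a schema older than the functional level implies. The sam.ldb path, the function names and the sample LDIF are assumptions made for illustration.

```shell
#!/bin/sh
# On a live DC the two LDIF inputs would come from something like
# (the sam.ldb path is an assumption and depends on the install):
#   ldbsearch -H /var/lib/samba/private/sam.ldb -s base \
#     -b "CN=Schema,CN=Configuration,DC=domain,DC=lan" objectVersion
#   ldbsearch -H /var/lib/samba/private/sam.ldb -s base \
#     -b "DC=domain,DC=lan" msDS-Behavior-Version

# Print the first value of one LDIF attribute read from stdin.
ldif_attr() {
    awk -v a="$1" 'BEGIN { a = tolower(a) ":" }
        tolower($1) == a { print $2; exit }'
}

# Map schema objectVersion to the Windows Server release it shipped with.
schema_release() {
    case "$1" in
        13) echo 2000 ;; 30) echo 2003 ;; 31) echo 2003R2 ;;
        44) echo 2008 ;; 47) echo 2008R2 ;; 56) echo 2012 ;;
        69) echo 2012R2 ;; *) echo unknown ;;
    esac
}

# Schema objectVersion expected for a given functional level.
min_schema_for_level() {
    case "$1" in
        0) echo 13 ;; 2) echo 30 ;; 3) echo 44 ;; 4) echo 47 ;;
        5) echo 56 ;; 6) echo 69 ;; *) echo 0 ;;
    esac
}

# check_schema SCHEMA_LDIF DOMAIN_LDIF: print a verdict, return 1 on mismatch.
check_schema() {
    ver=$(printf '%s\n' "$1" | ldif_attr objectVersion)
    lvl=$(printf '%s\n' "$2" | ldif_attr msDS-Behavior-Version)
    need=$(min_schema_for_level "$lvl")
    if [ "${ver:-0}" -lt "$need" ]; then
        echo "MISMATCH: schema $ver ($(schema_release "$ver")) < required $need for level $lvl"
        return 1
    fi
    echo "OK: schema $ver ($(schema_release "$ver")) covers level $lvl"
}

# Constructed sample mirroring the situation in the thread:
# a 2003-era schema under a 2008R2 functional level.
SAMPLE_SCHEMA='dn: CN=Schema,CN=Configuration,DC=domain,DC=lan
objectVersion: 30'
SAMPLE_DOMAIN='dn: DC=domain,DC=lan
msDS-Behavior-Version: 4'
check_schema "$SAMPLE_SCHEMA" "$SAMPLE_DOMAIN" || true
```

objectVersion only records what the schema claims to be; a single missing attribute such as msDS-isRODC still has to be looked up in the schema partition by its lDAPDisplayName.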
Carlos A. P. Cunha
2016-Sep-28 17:28 UTC
[Samba] ad2003 schema while forest/domain at 2008R2 level
Hello!

I had a "similar" problem, see if it helps.

https://lists.samba.org/archive/samba/2015-December/196850.html

In my case, I managed to solve it.

Regards

On 28-09-2016 13:01, Rowland Penny via samba wrote:
> On Wed, 28 Sep 2016 17:37:32 +0200
> Denis Cardon via samba <samba at lists.samba.org> wrote:
>
>> Hi everyone,
>>
>> I came across this issue today while upgrading a samba4 AD. The
>> forest/domain level is 2008R2, however the schema partition is
>> actually missing the msDS-isRODC attribute (and probably a few
>> others). It makes the ADUC console to failed on that entry below.
>> Here is the samba log message (which is quite explicit :-)
>>
>> Sep 28 16:55:36 srvads samba[27900]: [2016/09/28 16:55:36.819666, 0]
>> ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
>> Sep 28 16:55:36 srvads samba[27900]: ldb: acl_read:
>> CN=SRVADS,OU=Domain Controllers,DC=domain,DC=lan cannot find
>> attr[msDS-isRODC] in of schema
>>
>> I don't know how I messed up the schema partition, and since I don't
>> have any side effect but the ADUC failure message when clicking on
>> the dc entry (everything else works fine), I think that error is
>> lying there for quite some time. The domain was upgraded from a MSAD
>> 2003 domain three or four years ago.
>>
>> So my question is : since my DC is already on 2008R2 domain/forest
>> level, is there anyway I can force the schema upgrade to 2008R2
>> independently of the samba-tool domain raise command line?
>>
>> Cheers,
>>
>> Denis
>
> You could start by finding out just what schema version you actually
> have, see here:
>
> https://wiki.samba.org/index.php/AD_Schema_Version_Support
>
> Rowland