02.12.2017 2:16, mj via samba wrote:
> - power off the old DCs
> - seize fsmo roles, cleanup the database, etc

why not to transfer roles while old DC are online?

> - add new 4.7.2 DCs using their old names/ips
> - remove the temporary DC

why not simply add new DCs to current production domain?

I'm thinking about way to upgrade too, but using "separated environment" and restore current production servers from backups seems too complicated for me.
I don't know what changes was made in production domain while doing procedure above, if it will take day or two (and it will be lost)

> The above procedure took some testing and multiple tries,

hmm :)

Mike
Hi,

On 12/02/2017 03:49 PM, Mike Lykov via samba wrote:
> 02.12.2017 2:16, mj via samba wrote:
>
>> - power off the old DCs
>> - seize fsmo roles, cleanup the database, etc
>
> why not to transfer roles while old DC are online?

See your question two

>
>> - add new 4.7.2 DCs using their old names/ips
>> - remove the temporary DC
>
> why not simply add new DCs to current production domain?

Because we were facing corruption issues on the 4.5 DCs, upgrading those to 4.7 didn't work out. We tried, but faced replication issues, and commands like samba-tool drs showrepl no longer showed any output, or python errors and timeouts. Also fsmo transfer failed with timeout issues.

Therefore we decided to start as 'fresh as possible', with only data that 4.7 replicated from our 4.5 DCs.

Note: I am not advising the OP to follow this procedure, I'm just saying that now that we've finally landed on 4.7, we were very happy with it. (that's what he was asking about)

And it did not take a day or two, but just a few hours. As our DCs are all virtual, backing-up and restoring in an isolated environment was almost instant.

>
> I'm thinking about way to upgrade too, but using "separated environment"

Just a different VLAN with only the DCs.

> and restore current production servers from backups seems too
> complicated for me.
> I don't know what changes was made in production domain while doing
> procedure above, if it will take day or two (and it will be lost)

After some practising and taking notes, I could do it in just a few hours for our three DCs. :-)

Anyway, he asked about experiences on 4.7, and those are positive. The way it took to get there was a hassle, we can agree on that, but it seemed to be the only way out of our 4.5 install. :-)

MJ
Thanks for all the advice, I have a question about:

"- add new 4.7.2 DCs using their old names/ips
- remove the temporary DC"

Do I understand correctly, you created new machine (or removed/reinstalled samba completely), used IP/hostname of the previous DC and just re-added as DC?

Also, did you have any issues after removing temporary DC? Some time ago I had to remove one DC and I had some errors in --dbcheck --crossncs later on?

I might consider trying upgrade in separated environment, since my DCs are also VMs, so no problem for me to clone and separate them.

Some of you said about replication issues after straight upgrade. When they occurred, i.e. was it obvious error after drs -showrepl command, or something that "sneaked up" upon you later on?

Regards,
Kacper
02.12.2017 22:13, mj via samba wrote:
>> why not simply add new DCs to current production domain?
> Because we were facing corruption issues on the 4.5 DCs, upgrading those
> to 4.7 didn't work out.

corruption/replication issues on 4.5 production servers between each 4.5 before try to upgrade? I have an old 4.1 DCs with "internal dns inconsistent" status now.

> We tried, but faced replication issues, and
> commands like samba-tool drs showrepl no longer showed any output, or
> python errors and timeouts. Also fsmo transfer failed with timeout issues.

Ok, I understand, thanks for the clarification.

>> I'm thinking about way to upgrade too, but using "separated environment"
> Just a different VLAN with only the DCs.

different VLAN, but with same addresses/network mask? without gateway with main network, ok.

> After some practising and taking notes, I could do it in just a few
> hours for our three DCs. :-)

i.e. you can try free in different vlan for some time (restore, try, delete and next attempt), and, when ready, start replacing new copy of production domain? ok...

--
Mike