samba - Dec 2017 - Eventually transitioning to Windows Server 2016

Am 16.12.2017 um 15:45 schrieb Rowland Penny via samba:
> You can use the Samba 'classicupgrade' tool to migrate your
NT4-style
> domain to a Samba AD domain, but, at the moment, you will only get a
> 2008R2 domain. The work to update 2012 is nearing completion and will
> possibly be in Samba 4.8.0. The work to upgrade to 2016 hasn't even
> started yet, but from what I have read, it shouldn't take as much work
> as the 2012 upgrade has taken.
>
> From my understanding 'ADMT' will only run on a windows server, so
I
> don't think this is going to work. What you should be able to do is
> upgrade to a Samba AD DC, join a windows 2008 DC, transfer all the FSMO
> roles to the windows DC, demote the Samba AD DC, then upgrade the
> windows DC to the domain function level you require and then start
> paying for cals.
>
> Probably easier to set up a new domain ;-)
>
> Rowland
Just a question for clarification, since I will be going the same way
some time next year:

Are we just talking about domain function levels (Windows Server 2016
should run as a DC on the 2008R2 level just fine), or is it really not
possible to join a Server 2016 to a domain with a samba DC?

The way you describe doesn't really make sense to me - either you would
first set up a Windows Server 2008R2 as DC, transfer the FSMO roles and
demote the samba DC, but then you can't "upgrade the windows DC to the
domain function level you require" since Server 2008R2 obviously won't
support any newer function level. You would have to install yet another
Server 2016 DC or upgrade the DC to Server 2016 first. Or do you mean
"set up a Server 2016 as a DC using the 2008R2 level, transfer the FSMO
roles, demote the samba DC and then upgrade the function level"?

Thanks,
Andreas

On Mon, 18 Dec 2017 08:41:24 +0100
Andreas Heinlein via samba <samba at lists.samba.org> wrote:
> Am 16.12.2017 um 15:45 schrieb Rowland Penny via samba:
> > You can use the Samba 'classicupgrade' tool to migrate your
> > NT4-style domain to a Samba AD domain, but, at the moment, you will
> > only get a 2008R2 domain. The work to update 2012 is nearing
> > completion and will possibly be in Samba 4.8.0. The work to upgrade
> > to 2016 hasn't even started yet, but from what I have read, it
> > shouldn't take as much work as the 2012 upgrade has taken.
> >
> > From my understanding 'ADMT' will only run on a windows
server, so I
> > don't think this is going to work. What you should be able to do
is
> > upgrade to a Samba AD DC, join a windows 2008 DC, transfer all the
> > FSMO roles to the windows DC, demote the Samba AD DC, then upgrade
> > the windows DC to the domain function level you require and then
> > start paying for cals.
> >
> > Probably easier to set up a new domain ;-)
> >
> > Rowland
> Just a question for clarification, since I will be going the same way
> some time next year:
> 
> Are we just talking about domain function levels (Windows Server 2016
> should run as a DC on the 2008R2 level just fine), or is it really not
> possible to join a Server 2016 to a domain with a samba DC?
> 
> The way you describe doesn't really make sense to me - either you
> would first set up a Windows Server 2008R2 as DC, transfer the FSMO
> roles and demote the samba DC, but then you can't "upgrade the
> windows DC to the domain function level you require" since Server
> 2008R2 obviously won't support any newer function level. You would
> have to install yet another Server 2016 DC or upgrade the DC to
> Server 2016 first. Or do you mean "set up a Server 2016 as a DC using
> the 2008R2 level, transfer the FSMO roles, demote the samba DC and
> then upgrade the function level"?
> 
> Thanks,
> Andreas
> 
Using a 2016 server will not work. As I said, you would first have to
classicupgrade the NT4-style domain, then join a 2008 server to it
(using a 2012 server is experimental). Now demote the Samba DC and
start the upgrade climb, how you do it is up to you and what is
possible ;-)

OR, as I also said:

Probably easier to set up a new domain ;-)

Rowland

On Mon, 2017-12-18 at 08:41 +0100, Andreas Heinlein via samba
wrote:
> Are we just talking about domain function levels (Windows Server 2016
> should run as a DC on the 2008R2 level just fine), or is it really not
> possible to join a Server 2016 to a domain with a samba DC?
This will get better with the patches Garming is working on for Samba
4.8, but currently windows baulks at joining Samba because it uses
interfaces (DCOM) we don't support. 

However, once we upgrade to FL2012 it will avoid that check and join. 
I'm told a current/future Windows 2016 version will join Samba as-is,
but I've not tried it (they fixed their bug, they shouldn't have used
DCOM for that). 

I hope this clarifies things,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

Am 18.12.2017 um 09:55 schrieb Andrew Bartlett via
samba:
> On Mon, 2017-12-18 at 08:41 +0100, Andreas Heinlein via samba wrote:
>> Are we just talking about domain function levels (Windows Server 2016
>> should run as a DC on the 2008R2 level just fine), or is it really not
>> possible to join a Server 2016 to a domain with a samba DC?
> This will get better with the patches Garming is working on for Samba
> 4.8, but currently windows baulks at joining Samba because it uses
> interfaces (DCOM) we don't support. 
>
> However, once we upgrade to FL2012 it will avoid that check and join. 
> I'm told a current/future Windows 2016 version will join Samba as-is,
> but I've not tried it (they fixed their bug, they shouldn't have
used
> DCOM for that). 
>
> I hope this clarifies things,
>
> Andrew Bartlett
Hello,

thanks to you and Rowland for clarifying.

Since my servers are all virtual machines and I have a "template"
Server
2008 at hand, this shouldn't be much work. I will give it a try and join
the Server 2016 directly to the samba DC and see what happens. I'll
report back here.

Bye,
Andreas