I am planning to upgrade the DCs using the join and promote method. List of DCs ----------- 1) SAMBA1 2) SAMBA2 3) DC1 4) DC2 Currently SAMBA1 is the PDC and SAMBA2 is the "SDC" and are in sync with replication and rsync sysvol. DCs SAMBA1 and SAMBA2 are 4.1 git releases with AD Schema version 47. My plan to get to AD Schema version 69 was... 0. Add entries to the DHCP Server for the 2 new DCs for DNS. 1. Demote SAMBA2 and shut down computer. 2. Join DC1 (Samba 4.7) to the domain and check replication. 3. Promote and Seize FSMO roles on DC1 to be PDC. 4. Demote SAMBA1 (already done?) and shut down computer. 5. Join DC2 (Samba 4.7) to the domain and check replication. 6. Check all computers for correct DNS etc etc etc. How does that sound? Regards, Paul
On Mon, 5 Mar 2018 10:39:53 +0000 Paul Littlefield via samba <samba at lists.samba.org> wrote:> I am planning to upgrade the DCs using the join and promote method. > > List of DCs > ----------- > 1) SAMBA1 > 2) SAMBA2 > 3) DC1 > 4) DC2 > > Currently SAMBA1 is the PDC and SAMBA2 is the "SDC" and are in syncNo, SAMBA1 is a DC and SAMBA2 is another DC.> with replication and rsync sysvol. DCs SAMBA1 and SAMBA2 are 4.1 git > releases with AD Schema version 47. > > My plan to get to AD Schema version 69 was... > > 0. Add entries to the DHCP Server for the 2 new DCs for DNS.Er no, your DCs shouldn't be getting their IP via DHCP, they should have a fixed IP.> 1. Demote SAMBA2 and shut down computer.Why ? You could do this once the new DCs are up and running.> 2. Join DC1 (Samba 4.7) to the domain and check replication.This should work.> 3. Promote and Seize FSMO roles on DC1 to be PDC.You should try to transfer the FSMO roles first and this will not make it the PDC, it will just make it the DC with all the FSMO roles, a PDC is something else entirely.> 4. Demote SAMBA1 (already done?) and shut down computer.If you want to remove SAMBA1, you will need to demote it, it will not be done automatically.> 5. Join DC2 (Samba 4.7) to the domain and check replication. > 6. Check all computers for correct DNS etc etc etc.I would only demote and remove the two old DCs once the two new ones are working correctly. You will also need to sync sysvol between the old and new DCs Finally, you will still be using schema version 47 Rowland
On 05/03/18 11:27, Rowland Penny via samba wrote:> > No, SAMBA1 is a DC and SAMBA2 is another DC.OK.> > Er no, your DCs shouldn't be getting their IP via DHCP, they should > have a fixed IP.Yes, they will, sorry for the confusion... I was simply referring to the fact that all other computers on the LAN will know about all 4 DCs :)> > Why ? You could do this once the new DCs are up and running.OK.> > This should work.Great!> > You should try to transfer the FSMO roles first and this will not make > it the PDC, it will just make it the DC with all the FSMO roles, a PDC > is something else entirely.Fair enough. So, a 'fsmo transfer' rather than a 'fsmo sieze' then is preferable?> > If you want to remove SAMBA1, you will need to demote it, it will not > be done automatically.OK, this one - https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC ?> > I would only demote and remove the two old DCs once the two new ones > are working correctly. You will also need to sync sysvol between the > old and new DCs.Yes, will do.> > Finally, you will still be using schema version 47Ah, so I need to do this last then? https://wiki.samba.org/index.php/Raising_the_Functional_Levels Paul
On 05/03/18 11:27, Rowland Penny via samba wrote:> > Finally, you will still be using schema version 47root at dc2.example.com ~ $ samba-tool domain level show Domain and forest function level for domain 'DC=example,DC=com' Forest function level: (Windows) 2008 R2 Domain function level: (Windows) 2008 R2 Lowest function level of a DC: (Windows) 2008 R2 root at dc2.example.com ~ $ samba-tool domain level raise --forest-level=2012_R2 --domain-level=2012_R2 ERROR: Domain function level can't be higher than the lowest function level of a DC! https://wiki.samba.org/index.php/Raising_the_Functional_Levels Er, how do I get to schema version 69? Paul