Hi All, After reading the list for a while I have a question myself. I have the task of upgrading a couple of systems and one of them is the office AD infrastructure from a Samba-4.1 installation to the latest stable version. I already did a concept of proof by incrementally compiling versions 4.2/3/4/5/etc to the then latest stable 4.10 and it seemed to work out OK but was a lot of work. I had a thought and would like to hear your opinions on it. What if I install a temporary Windows 2019/2016 server with the AD role and join it to the old Samba-4.1 AD and then transfer all AD roles to it. Next install a new Linux server with the latest Samba (4.12.3) and join it to the domain too. Transfer all roles from the Windows ADDC to it and decommission that server and add a second Linux ADDC to the domain to be redundant. Would/should that work and am I missing steps? Thanks in advance, Joop
On 05/06/2020 09:35, Joop via samba wrote:> Hi All, > > What if I install a temporary Windows 2019/2016 server with the AD role > > Would/should that work and am I missing steps?Sorry, but that isn't going to work, Samba doesn't support joining a 2016 server (yet) :-( I would go with what you have already tried, move up the Samba versions. Rowland
On Fri, 2020-06-05 at 10:35 +0200, Joop via samba wrote:> Hi All, > > After reading the list for a while I have a question myself. > I have the task of upgrading a couple of systems and one of them is > the > office AD infrastructure from a Samba-4.1 installation to the latest > stable version. > I already did a concept of proof by incrementally compiling versions > 4.2/3/4/5/etc to the then latest stable 4.10 and it seemed to work > out > OK but was a lot of work. > I had a thought and would like to hear your opinions on it. > What if I install a temporary Windows 2019/2016 server with the AD > role > and join it to the old Samba-4.1 AD and then transfer all AD roles to > it. Next install a new Linux server with the latest Samba (4.12.3) > and > join it to the domain too. Transfer all roles from the Windows ADDC > to > it and decommission that server and add a second Linux ADDC to the > domain to be redundant. > Would/should that work and am I missing steps?It would be even less likely to work then upgrading Samba in-place. I think you have done it the right way. If upgrading in-place you should be able to just go up to 4.10 (we do some tests of that in our selftest, but not as far back as 4.1), but if upgrading over DRS you have to go via smaller steps - I think Samba 4.4 and hope you get to 4.5 before upgrading further. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
Why not installing a new Samba 4.12 ADDC join it to your domain, give alle FSMOs to that DC AND the content from sysvol. Then remove one old DC after the other and replace it wit a new 4.12. It's always better then a in-place migration from 4.1 Am 05.06.20 um 10:35 schrieb Joop via samba:> Hi All, > > After reading the list for a while I have a question myself. > I have the task of upgrading a couple of systems and one of them is the > office AD infrastructure from a Samba-4.1 installation to the latest > stable version. > I already did a concept of proof by incrementally compiling versions > 4.2/3/4/5/etc to the then latest stable 4.10 and it seemed to work out > OK but was a lot of work. > I had a thought and would like to hear your opinions on it. > What if I install a temporary Windows 2019/2016 server with the AD role > and join it to the old Samba-4.1 AD and then transfer all AD roles to > it. Next install a new Linux server with the latest Samba (4.12.3) and > join it to the domain too. Transfer all roles from the Windows ADDC to > it and decommission that server and add a second Linux ADDC to the > domain to be redundant. > Would/should that work and am I missing steps? > > Thanks in advance, > > Joop > > >-- Stefan Kania Landweg 13 25693 St. Michaelisdonn Signieren jeder E-Mail hilft Spam zu reduzieren und sch?tzt Ihre Privatsph?re. Ein kostenfreies Zertifikat erhalten Sie unter https://www.dgn.de/dgncert/index.html