On Wed, 27 Dec 2023 11:26:03 -0500
Sonic <sonicsmith at gmail.com> wrote:
> I did a test with a new Bookworm container and Debian's packaged Samba
> - v4.17 (I believe Debian's packages are now considered OK for
> production - please correct me if I'm wrong).
Perfectly okay, but even better would be to use Samba from
bookworm-backports.
> The DC join of the new 4.17 to the old 4.10 did appear successful -
> the typical "Joined domain <snip> as a DC" was produced.
> However I did
> revert back as I ran out of time (and energy) to do all the remaining
> housekeeping tasks. Plus I didn't specify the dns-backend or
> use-rfc2307.
You cannot specify '--use-rfc2307' on a DC join, only when you
provision a new domain.
>
> Some things that are not clear to me regarding the DC join of a much
> newer version to an older one:
> If dns-backend is not specified does it default to SAMBA_INTERNAL?
Yes
> Can the new DC use SAMBA_INTERNAL while the old uses BIND9_DLZ?
Yes
> Does the new joined DC use its native updated schema or is the schema
> identical to the old DC?
The schema is replicated from the existing DC.
> Is the "hot-backup of the /usr/local/samba/private/idmap.ldb"
> necessary if one is planning on removing the old DC as soon as the
> roles are transferred and it is demoted?
Yes, if you look in sysvol on a newly joined DC, it is virtually empty,
you must fully populate it by syncing from an existing DC, so you would
need the correct IDs on your new DC.
Rowland