Re: [Samba] upgrading DC 4.5.x to 4.7.x


On 12/02/2017 09:46 PM, Kacper Wirski via samba wrote:
Do I understand correctly, You created new machine (or removed/reinstalled samba completely), used IP/hostname of the previous DC and just re-added as DC?
Yep, but some samba-tool database cleaning was required on the temp DC:
  dbcheck --crossncs --fix
 samba-tool domain tombstones expunge --tombstone-lifetime=1
and some more
  dbcheck --crossncs --fix
until everything is healthy.

Also, did You have any issues after removing temporary DC? Some time ago i had to remove one DC and I had some erros in --dbcheck --crossncs later on?
No, removing the DC went fine.

I might consider trying upgrade in separated environment, since my DC's are also VM's, so no problem for me to clone and separate them.
Yep, just try it and let us know how it works out for you. I also liked the idea to having new lean freshly installed stretch DCs, instead of older upgraded wheezy installs. We also moved from internal dns to BIND9_DLZ in the process, btw.

Some of You said about replication issues after straight upgrade. When they occured, i.e. was it obvious error after drs -showrepl command, or something that "sneaked up" upon You later on?
We experienced no 'hidden' replication issues, only the obvious ones (showrepl) where some DCs would not replicate with others, because of a variety or errors.

We also used samba-tool ldapcmp ldap://dcX ldap://dcX to make sure all data was in fact in sync on various DCs.

And since you're also on VMs, just give it a try and see where it gets you? Perhaps you can upgrade straight to 4.7, and you don't need the route we took? Easy enough to try out.

We had some misbehaviours in our AD to start with, and therefore did all the extra stuff. (with the temp DC etc)


