Hello Guys,
Ich tried a lot of posibilities without luck.
I have a running Samba4-AD 4.1.11. I joined a fresh samba 4.1.11 as second DC.
Until this the Replication between both DC works fine.
Finaly I Transfer the schema role to the second DC and I provision/extend
the openchange Schema to it. The Openchange Provision runs without error.
BUT After the openchange provision the Replication to DC one is not working
anymore.
This error appears
Failed to convert object
CN=ms-Exch-Container,CN=Schema,CN=Configuration,DC=mo,DC=test:
WERR_GENERAL_FAILURE
Same as here
http://thr3ads.net/samba/2013/06/2649971-Replication-problems
Every advice for a solution would be nice!
Regards
Masi
Am 17. März 2015 19:34:50 schrieb Martin Simovic <[email protected]>:
Hi Daniel,
I understand the exchange schema provisioning can be done two ways:
1. Running openchange_provision on Linux DC
2. Running exchange setup on Windows DC
Whichever one you choose, the result should be the same. You can use only
one approach though, not both at the same time.
I think you misread Julian’s post from openchange mailing list. The issue
was, that the user was trying to run openchange_provision on read-only
domain controller (RODC) which is not possible. Furthermore, it is
explained that samba4 DC must be master to be able to extend the schema OR
schema must be extended on another (master) domain controller. This in your
case would be your Windows DC.
I would like to add a third option: transfer the master role to Linux DC,
extend the schema (openchange_provision) and then cease the role back to
Windows DC. The result should be the same.
I have used the third (myself invented) approach since it was easier for me
to run schema extension from Linux DC, using linux command line tools
rather then learning how this is done from Windows environment.
Needless to say, I backed up my AD before and after every step taken. That
should answer your (legitimate) worries, broken AD is the worst nightmare I
admit!
Best Regards
Martin.
> On 17 Mar 2015, at 18:44, Dániel L. <[email protected]> wrote:
>
> Hello Martin,
>
> Thank You for the answer.
> Im afraid, the openchange provision tool will mess up the AD structure.
All our system relies on it.
> As suggested in the following openchange mailing, the openchange
provisioning of active directory should be avoided, and
> the schema extension should be made by the exchange setup on the windows
side:
> http://mailman.openchange.org/pipermail/devel/2013-February/005554.html
<http://mailman.openchange.org/pipermail/devel/2013-February/005554.html>
>
>
https://technet.microsoft.com/en-us/library/bb125224%28v=exchg.150%29.aspx#Step1
<https://technet.microsoft.com/en-us/library/bb125224%28v=exchg.150%29.aspx#Step1>
>
> whats your opinion on this?
>
> Thank again,
> Daniel
>
> 2015-03-17 16:25 GMT+01:00 Martin Simovic <[email protected]
<mailto:[email protected]>>:
> Hi,
>
> I don’t know about any existing howto related to this scenario, yet I
think I can help since at our site we’re running exactly the same setup.
> To be able to extend AD schema on Linux DC it needs to be promoted to
schema master. You can use standard AD management tools GUI or command line
from Linux DC - samba-tool fsmo does the job.
>
> After you extended the AD schema you can cease the role back to Windows
AD controller. Just a note, you better be running at least Samba 4.1 series
on Linux DC, older versions (4.0.X) were having problems with fsmo
transfers. Still, it’s always a good idea to backup your AD before applying
any changes to it.
>
> Hope this helps,
>
> Best Regards
> Martin Simovic
>
>
>
>
> > On 17 Mar 2015, at 11:50, Dániel L. <[email protected]
<mailto:[email protected]>> wrote:
> >
> > Dear Sogo Users,
> >
> >
> > We have an existing Active Directory server, which we use for central
authentication.
> > Id like to implement Openchange& Sogo with native Outlook support.
> >
> > So Ive installed Samba4 and joined it to the Active Directorfy as a DC.
> > Unfortunately, the "openchange_provision --standalone" command wont
work, because the samba4 DC is not master.
> > Is it safe to promote samba4 to master DC and promote back to Active
directory,
> > or is there a solution to extend active directory's schema with
exchange schema (without installing exchange itself)?
> >
> >
> > Is there any working HowTo on this outhere?
> > Any help is appreciated,
> >
> > Thank You in advance,
> > Daniel
>
>
--
[email protected]
https://inverse.ca/sogo/lists
