Hi Martin,

I've transferred the schema master role to samba4, and managed to extend the schema with openchange provision, but I can't retransfer the master to the original Windows AD, and the replication won't work. Any suggestions?

Thanks again,
Daniel

2015-03-17 19:33 GMT+01:00 Martin Simovic <[email protected]>:

> Hi Daniel,
>
> I understand the exchange schema provisioning can be done two ways:
>
> 1. Running openchange_provision on Linux DC
> 2. Running exchange setup on Windows DC
>
> Whichever one you choose, the result should be the same. You can use only
> one approach though, not both at the same time.
>
> I think you misread Julian’s post from openchange mailing list. The issue
> was, that the user was trying to run openchange_provision on read-only
> domain controller (RODC) which is not possible. Furthermore, it is
> explained that samba4 DC must be master to be able to extend the schema OR
> schema must be extended on another (master) domain controller. This in your
> case would be your Windows DC.
>
> I would like to add a third option: transfer the master role to Linux DC,
> extend the schema (openchange_provision) and then cease the role back to
> Windows DC. The result should be the same.
> I have used the third (myself invented) approach since it was easier for
> me to run schema extension from Linux DC, using linux command line tools
> rather than learning how this is done from Windows environment.
>
> Needless to say, I backed up my AD before and after every step taken. That
> should answer your (legitimate) worries, broken AD is the worst nightmare I
> admit!
>
> Best Regards
> Martin.
>
>
> On 17 Mar 2015, at 18:44, Dániel L. <[email protected]> wrote:
>
> Hello Martin,
>
> Thank You for the answer.
> I'm afraid the openchange provision tool will mess up the AD structure.
> All our system relies on it.
> As suggested in the following openchange mailing, the openchange
> provisioning of active directory should be avoided, and
> the schema extension should be made by the exchange setup on the windows
> side:
> http://mailman.openchange.org/pipermail/devel/2013-February/005554.html
>
> https://technet.microsoft.com/en-us/library/bb125224%28v=exchg.150%29.aspx#Step1
>
> What's your opinion on this?
>
> Thanks again,
> Daniel
>
> 2015-03-17 16:25 GMT+01:00 Martin Simovic <[email protected]>:
>
>> Hi,
>>
>> I don’t know about any existing howto related to this scenario, yet I
>> think I can help since at our site we’re running exactly the same setup.
>> To be able to extend AD schema on Linux DC it needs to be promoted to
>> schema master. You can use standard AD management tools GUI or command line
>> from Linux DC - samba-tool fsmo does the job.
>>
>> After you extended the AD schema you can cease the role back to Windows
>> AD controller. Just a note, you better be running at least Samba 4.1 series
>> on Linux DC, older versions (4.0.X) were having problems with fsmo
>> transfers. Still, it’s always a good idea to backup your AD before applying
>> any changes to it.
>>
>> Hope this helps,
>>
>> Best Regards
>> Martin Simovic
>>
>> > On 17 Mar 2015, at 11:50, Dániel L. <[email protected]> wrote:
>> >
>> > Dear Sogo Users,
>> >
>> > We have an existing Active Directory server, which we use for central authentication.
>> > I'd like to implement Openchange & Sogo with native Outlook support.
>> >
>> > So I've installed Samba4 and joined it to the Active Directory as a DC.
>> > Unfortunately, the "openchange_provision --standalone" command won't work, because the samba4 DC is not master.
>> > Is it safe to promote samba4 to master DC and promote back to Active directory,
>> > or is there a solution to extend active directory's schema with exchange schema (without installing exchange itself)?
>> >
>> > Is there any working HowTo on this out there?
>> > Any help is appreciated,
>> >
>> > Thank You in advance,
>> > Daniel

--
[email protected]
https://inverse.ca/sogo/lists
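
An added example, not part of the thread or of Samba itself: a small shell check of which DC currently owns the schema master role, meant to be run before and after each step discussed above (transfer, schema extension, transfer back). It assumes the `SchemaMasterRole owner:` line format printed by `samba-tool fsmo show`; the DC names and domain in the sample are made up.

```shell
#!/bin/sh
# Added example: report which DC owns the schema master FSMO role, parsed
# from `samba-tool fsmo show` output read on stdin.

# Constructed sample in the line format printed by `samba-tool fsmo show`;
# the DC names (LINUXDC, WINDC) and the domain are hypothetical.
SAMPLE_FSMO='InfrastructureMasterRole owner: CN=NTDS Settings,CN=WINDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan
SchemaMasterRole owner: CN=NTDS Settings,CN=LINUXDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=lan'

# Print the server CN that owns the schema master role; return 1 when the
# SchemaMasterRole line is missing or malformed (e.g. the query failed).
schema_master_dc() {
    owner=$(sed -n 's/^SchemaMasterRole owner: CN=NTDS Settings,CN=\([^,]*\),.*$/\1/p' | head -n 1)
    [ -n "$owner" ] || return 1
    printf '%s\n' "$owner"
}

# Return 0 only if the schema master is the expected DC (case-insensitive),
# 1 if another DC holds it, 2 if the owner could not be determined.
schema_master_is() {
    expected=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    actual=$(schema_master_dc) || return 2
    actual=$(printf '%s' "$actual" | tr '[:lower:]' '[:upper:]')
    [ "$actual" = "$expected" ]
}

# On a real DC: samba-tool fsmo show | schema_master_is WINDC \
#     || echo "schema master is not (yet) back on WINDC"
# Demo on the constructed sample:
printf '%s\n' "$SAMPLE_FSMO" | schema_master_dc
```

Running the check on both DCs and comparing the answers shows whether the role change has actually replicated, which is the state to confirm before taking the next backup.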
