Hi Daniel,

The following information would help:

- Is your samba4 server on the same subnet as your Windows AD controller? Is there any firewall in between the two?
- What is your exact samba version?
- I assume you are using "samba-tool fsmo seize" to transfer the role back to Windows AD? Do you get any errors?
- What is the output of "samba-tool fsmo show"?
- What symptoms do you experience to judge replication is not working?
- What is the output of "samba-tool drs showrepl"?

Best Regards
Martin.

> On 20 Mar 2015, at 13:57, Dániel L. <[email protected]> wrote:
>
> Hi Martin,
>
> I've transferred the schema master role to samba4, and managed to extend the
> schema with openchange provision,
> but I can't retransfer the master to the original Windows AD,
> and the replication won't work.
> Any suggestions?
>
> Thanks again,
> Daniel
>
> 2015-03-17 19:33 GMT+01:00 Martin Simovic <[email protected]>:
> Hi Daniel,
>
> I understand the exchange schema provisioning can be done two ways:
>
> 1. Running openchange_provision on Linux DC
> 2. Running exchange setup on Windows DC
>
> Whichever one you choose, the result should be the same. You can use only one
> approach though, not both at the same time.
>
> I think you misread Julian’s post from openchange mailing list. The issue
> was, that the user was trying to run openchange_provision on read-only domain
> controller (RODC) which is not possible. Furthermore, it is explained that
> samba4 DC must be master to be able to extend the schema OR schema must be
> extended on another (master) domain controller. This in your case would be
> your Windows DC.
>
> I would like to add a third option: transfer the master role to Linux DC,
> extend the schema (openchange_provision) and then seize the role back to
> Windows DC. The result should be the same.
> I have used the third (myself invented) approach since it was easier for me
> to run schema extension from Linux DC, using linux command line tools rather
> than learning how this is done from Windows environment.
>
> Needless to say, I backed up my AD before and after every step taken. That
> should answer your (legitimate) worries, broken AD is the worst nightmare I
> admit!
>
> Best Regards
> Martin.
>
>
>> On 17 Mar 2015, at 18:44, Dániel L. <[email protected]> wrote:
>>
>> Hello Martin,
>>
>> Thank you for the answer.
>> I'm afraid, the openchange provision tool will mess up the AD structure. All
>> our system relies on it.
>> As suggested in the following openchange mailing, the openchange
>> provisioning of active directory should be avoided, and
>> the schema extension should be made by the exchange setup on the windows
>> side:
>> http://mailman.openchange.org/pipermail/devel/2013-February/005554.html
>>
>> https://technet.microsoft.com/en-us/library/bb125224%28v=exchg.150%29.aspx#Step1
>>
>> What's your opinion on this?
>>
>> Thanks again,
>> Daniel
>>
>> 2015-03-17 16:25 GMT+01:00 Martin Simovic <[email protected]>:
>> Hi,
>>
>> I don’t know about any existing howto related to this scenario, yet I think
>> I can help since at our site we’re running exactly the same setup.
>> To be able to extend AD schema on Linux DC it needs to be promoted to schema
>> master. You can use standard AD management tools GUI or command line from
>> Linux DC - samba-tool fsmo does the job.
>>
>> After you extended the AD schema you can seize the role back to Windows AD
>> controller. Just a note, you better be running at least Samba 4.1 series on
>> Linux DC, older versions (4.0.X) were having problems with fsmo transfers.
>> Still, it’s always a good idea to backup your AD before applying any changes
>> to it.
>>
>> Hope this helps,
>>
>> Best Regards
>> Martin Simovic
>>
>>
>> > On 17 Mar 2015, at 11:50, Dániel L. <[email protected]> wrote:
>> >
>> > Dear Sogo Users,
>> >
>> >
>> > We have an existing Active Directory server, which we use for central
>> > authentication.
>> > I'd like to implement Openchange & Sogo with native Outlook support.
>> >
>> > So I've installed Samba4 and joined it to the Active Directory as a DC.
>> > Unfortunately, the "openchange_provision --standalone" command won't work,
>> > because the samba4 DC is not master.
>> > Is it safe to promote samba4 to master DC and promote back to Active
>> > directory,
>> > or is there a solution to extend active directory's schema with exchange
>> > schema (without installing exchange itself)?
>> >
>> >
>> > Is there any working HowTo on this out there?
>> > Any help is appreciated,
>> >
>> > Thank you in advance,
>> > Daniel
