Difference between revisions of "AD Schema Version Support"

(New documentation about how to determine the AD schema version)
 
(Live Upgrade)
 
(11 intermediate revisions by 3 users not shown)
Line 1: Line 1:
= Official AD schema versions =
+
= AD Schema Versions =
  
These are the official AD schema versions:
+
The official Active Directory (AD) schema versions are:
  
69 = Windows Server 2012R2
+
{| class="wikitable"
56 = Windows Server 2012
+
!Windows Server Version
47 = Windows Server 2008R2
+
!Directory Schema Version
44 = Windows Server 2008
+
|-
31 = Windows Server 2003R2
+
|Windows Server 2016
30 = Windows Server 2003
+
|87
13 = Windows 2000
+
|-
 +
|Windows Server 2012R2
 +
|69
 +
|-
 +
|Windows Server 2012
 +
|56
 +
|-
 +
|Windows Server 2008R2
 +
|47
 +
|-
 +
|Windows Server 2008
 +
|44
 +
|-
 +
|Windows Server 2003R2
 +
|31
 +
|-
 +
|Windows Server 2003
 +
|30
 +
|-
 +
|Windows 2000
 +
|13
 +
|}
  
Seeing one of those schema version in your directory, only means that your AD forest is currently based on this schema version. It doesn't indicate if manual [[Samba_AD_schema_extensions|schema extension]] have been made.
 
  
Samba currently doesn't support all classes/attributes, MS introduced in schemas later than 47 (Windows Server 2008R2). If you're planning to have a Windows DC (not Member Server!) in your AD forest, this means, they can't be newer than Windows Server 2008R2! A newer server version requires to upgrade the schema, what makes the AD incompatible with Samba DCs!
 
  
  
  
 +
= Samba AD Schema Version Support =
  
 +
Samba supports the following Active Directory schema versions:
  
= Samba =
+
{| class="wikitable"
 +
!Samba Version
 +
!Highest Supported Schema Version
 +
|-
 +
|4.11 and later
 +
|69
 +
|-
 +
|4.5 - 4.10
 +
|69 *
 +
|-
 +
|4.0 - 4.4
 +
|47
 +
|}
  
== samba-tool ==
+
<nowiki>*</nowiki> Experimental support. To report problems, click https://bugzilla.samba.org.
  
Run the following command on your Samba DC, to determine the AD schema version:
+
= Live Upgrade =
 +
 
 +
To upgrade the schema version on a running Samba installation to 2012_R2, use this command:
 +
 
 +
> samba-tool domain schemaupgrade
 +
 
 +
Note: This tool only works from 2008 R2. In order to upgrade from earlier versions, the ldf files must be manually sourced from the Windows adprep tool and run with the <code>--ldf-file=</code> option.
 +
 
 +
= Determine the AD Schema Version on a Samba DC =
 +
 
 +
To determine the Active Directory (AD) schema version on a Samba domain controller (DC):
  
 
  # ldbsearch -H /usr/local/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com' -s base objectVersion
 
  # ldbsearch -H /usr/local/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com' -s base objectVersion
Line 38: Line 81:
  
  
= Windows =
+
= Determine the AD Schema Version on a Windows Client or Server =
  
 
== dsquery ==
 
== dsquery ==
  
Run the following command on a Windows command line, to determine the AD schema version:
+
To determine the Active Directory (AD) schema version from the Windows command line:
  
 
  > dsquery * "cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com" -scope base -attr objectversion
 
  > dsquery * "cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com" -scope base -attr objectversion
Line 52: Line 95:
 
== PowerShell ==
 
== PowerShell ==
  
Run the following command on inside the Windows PowerShell, to determine the AD schema version:
+
To determine the Active Directory (AD) schema version from the Windows PowerShell:
  
 
  > Get-ADObject (Get-ADRootDSE).schemaNamingContext -properties objectVersion
 
  > Get-ADObject (Get-ADRootDSE).schemaNamingContext -properties objectVersion
Line 60: Line 103:
 
  ObjectGUID        : 92801cf6-f22d-4b7f-ba70-00af98790881
 
  ObjectGUID        : 92801cf6-f22d-4b7f-ba70-00af98790881
 
  objectversion    : 47
 
  objectversion    : 47
 +
 +
 +
 +
 +
 +
----
 +
[[Category:Active Directory]]

Latest revision as of 23:19, 16 July 2019

AD Schema Versions

The official Active Directory (AD) schema versions are:

Windows Server Version Directory Schema Version
Windows Server 2016 87
Windows Server 2012R2 69
Windows Server 2012 56
Windows Server 2008R2 47
Windows Server 2008 44
Windows Server 2003R2 31
Windows Server 2003 30
Windows 2000 13



Samba AD Schema Version Support

Samba supports the following Active Directory schema versions:

Samba Version Highest Supported Schema Version
4.11 and later 69
4.5 - 4.10 69 *
4.0 - 4.4 47

* Experimental support. To report problems, click https://bugzilla.samba.org.

Live Upgrade

To upgrade the schema version on a running Samba installation to 2012_R2, use this command:

> samba-tool domain schemaupgrade

Note: This tool only works from 2008 R2. In order to upgrade from earlier versions, the ldf files must be manually sourced from the Windows adprep tool and run with the --ldf-file= option.

Determine the AD Schema Version on a Samba DC

To determine the Active Directory (AD) schema version on a Samba domain controller (DC):

# ldbsearch -H /usr/local/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com' -s base objectVersion
# record 1
dn: CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
objectVersion: 47

# returned 1 records
# 1 entries
# 0 referrals



Determine the AD Schema Version on a Windows Client or Server

dsquery

To determine the Active Directory (AD) schema version from the Windows command line:

> dsquery * "cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com" -scope base -attr objectversion
objectversion
47


PowerShell

To determine the Active Directory (AD) schema version from the Windows PowerShell:

> Get-ADObject (Get-ADRootDSE).schemaNamingContext -properties objectVersion
DistinguishedName : CN=Schema,CN=Configuration,DC=contoso,DC=com
Name              : Schema
ObjectClass       : dMD
ObjectGUID        : 92801cf6-f22d-4b7f-ba70-00af98790881
objectversion     : 47