AD Schema Version Support: Difference between revisions

From SambaWiki
(New documentation about how to determine the AD schema version)
 
m (Clarify baseDN)
 
(13 intermediate revisions by 4 users not shown)
Line 1: Line 1:
= Official AD schema versions =
= AD Schema Versions =


These are the official AD schema versions:
The official Active Directory (AD) schema versions are:


{| class="wikitable"
69 = Windows Server 2012R2
56 = Windows Server 2012
!Windows Server Version
!Directory Schema Version
47 = Windows Server 2008R2
|-
44 = Windows Server 2008
31 = Windows Server 2003R2
|Windows Server 2022
|88
30 = Windows Server 2003
|-
13 = Windows 2000
|Windows Server 2019
|88
|-
|Windows Server 2016
|87
|-
|Windows Server 2012R2
|69
|-
|Windows Server 2012
|56
|-
|Windows Server 2008R2
|47
|-
|Windows Server 2008
|44
|-
|Windows Server 2003R2
|31
|-
|Windows Server 2003
|30
|-
|Windows 2000
|13
|}


= Samba AD Schema Version Support =
Seeing one of those schema version in your directory, only means that your AD forest is currently based on this schema version. It doesn't indicate if manual [[Samba_AD_schema_extensions|schema extension]] have been made.


Samba supports the following Active Directory schema versions:
Samba currently doesn't support all classes/attributes, MS introduced in schemas later than 47 (Windows Server 2008R2). If you're planning to have a Windows DC (not Member Server!) in your AD forest, this means, they can't be newer than Windows Server 2008R2! A newer server version requires to upgrade the schema, what makes the AD incompatible with Samba DCs!


{| class="wikitable"
!Samba Version
!Highest Supported Schema Version
|-
|4.11 and later
|69
|-
|4.5 - 4.10
|69 *
|-
|4.0 - 4.4
|47
|}


<nowiki>*</nowiki> Experimental support. To report problems, click https://bugzilla.samba.org.


= Live Upgrade =


To upgrade the schema version on a running Samba installation to 2012_R2, use this command:


> samba-tool domain schemaupgrade
= Samba =


Note: This tool only works from 2008 R2. In order to upgrade from earlier versions, the ldf files must be manually sourced from the Windows adprep tool and run with the <code>--ldf-file=</code> option.
== samba-tool ==


Run the following command on your Samba DC, to determine the AD schema version:
= Determine the AD Schema Version on a Samba DC =

To determine the Active Directory (AD) schema version on a Samba domain controller (DC):

Replace "dc=samdom,dc=example,dc=com" with your own domain


# ldbsearch -H /usr/local/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com' -s base objectVersion
# ldbsearch -H /usr/local/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com' -s base objectVersion
Line 38: Line 85:




= Determine the AD Schema Version on a Windows Client or Server =
= Windows =


== dsquery ==
== dsquery ==


To determine the Active Directory (AD) schema version from the Windows command line:
Run the following command on a Windows command line, to determine the AD schema version:


> dsquery * "cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com" -scope base -attr objectversion
> dsquery * "cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com" -scope base -attr objectversion
Line 52: Line 99:
== PowerShell ==
== PowerShell ==


Run the following command on inside the Windows PowerShell, to determine the AD schema version:
To determine the Active Directory (AD) schema version from the Windows PowerShell:


> Get-ADObject (Get-ADRootDSE).schemaNamingContext -properties objectVersion
> Get-ADObject (Get-ADRootDSE).schemaNamingContext -properties objectVersion
Line 60: Line 107:
ObjectGUID : 92801cf6-f22d-4b7f-ba70-00af98790881
ObjectGUID : 92801cf6-f22d-4b7f-ba70-00af98790881
objectversion : 47
objectversion : 47





----
[[Category:Active Directory]]

Latest revision as of 03:20, 26 March 2024

AD Schema Versions

The official Active Directory (AD) schema versions are:

Windows Server Version Directory Schema Version
Windows Server 2022 88
Windows Server 2019 88
Windows Server 2016 87
Windows Server 2012R2 69
Windows Server 2012 56
Windows Server 2008R2 47
Windows Server 2008 44
Windows Server 2003R2 31
Windows Server 2003 30
Windows 2000 13

Samba AD Schema Version Support

Samba supports the following Active Directory schema versions:

Samba Version Highest Supported Schema Version
4.11 and later 69
4.5 - 4.10 69 *
4.0 - 4.4 47

* Experimental support. To report problems, click https://bugzilla.samba.org.

Live Upgrade

To upgrade the schema version on a running Samba installation to 2012_R2, use this command:

> samba-tool domain schemaupgrade

Note: This tool only works from 2008 R2. In order to upgrade from earlier versions, the ldf files must be manually sourced from the Windows adprep tool and run with the --ldf-file= option.

Determine the AD Schema Version on a Samba DC

To determine the Active Directory (AD) schema version on a Samba domain controller (DC):

Replace "dc=samdom,dc=example,dc=com" with your own domain

# ldbsearch -H /usr/local/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com' -s base objectVersion
# record 1
dn: CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
objectVersion: 47

# returned 1 records
# 1 entries
# 0 referrals



Determine the AD Schema Version on a Windows Client or Server

dsquery

To determine the Active Directory (AD) schema version from the Windows command line:

> dsquery * "cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com" -scope base -attr objectversion
objectversion
47


PowerShell

To determine the Active Directory (AD) schema version from the Windows PowerShell:

> Get-ADObject (Get-ADRootDSE).schemaNamingContext -properties objectVersion
DistinguishedName : CN=Schema,CN=Configuration,DC=contoso,DC=com
Name              : Schema
ObjectClass       : dMD
ObjectGUID        : 92801cf6-f22d-4b7f-ba70-00af98790881
objectversion     : 47