Downgrading an Active Directory DC: Difference between revisions

From SambaWiki
Line 70: Line 70:
</pre>
</pre>


Make sure to run the downgradedatabase script before starting Samba with this version.

=== Python 2 vs Python 3 ===
<pre>
<pre>
Traceback (most recent call last):
Traceback (most recent call last):
Line 79: Line 82:
</pre>
</pre>


If the following error occurs, try using a different version of Python than the one set by default.


[[Category:Active Directory]]
[[Category:Active Directory]]

Revision as of 05:19, 9 July 2019

In general, there are two ways to upgrade or downgrade Samba AD DC. The first way is to replace the packages or binaries 'in-place', which may require additional steps to operate correctly. The second way is to join (or re-join) a new domain controller and optionally demoting any unused controllers.

Reliability of the two methods

For the join method, this is intended to always work as newer versions should return more consistent results via replication and so the older version is more permissive. In practice, this method may be trickier due to needing orchestration, DNS record conflicts, naming and other topology related artifacts. It may take some additional time to stabilize across the network.

The 'in-place' method is described on the Updating Samba page as a standard method of updating. While updates tend to have code within the Samba daemon to auto-update underlying formats and discrepancies, or rely on the Samba AD DC database check tool, downgrades of certain versions may require additional tools to run (described on this page).

Downgrade compatibility (4.7 - 4.11)

The following details apply only to in-place downgrades. downgradedatabase and undoguididx refer to scripts in source4/scripting/bin/samba-{downgradedatabase|undoguididx}. These scripts should be run after you switch the version, but before you start Samba again.

to \ from 4.11 4.10 4.9 4.8 4.7
4.11 -
4.10 downgradedatabase -
4.9 downgradedatabase - -
4.8 downgradedatabase - - -
4.7 downgradedatabase undoguididx undoguididx undoguididx -

Within a particular major Samba version, downgrades of point releases should be available. There are two versions where major database format changes have occurred, Samba 4.11 and Samba 4.8. sambadowngradedatabase should function the same as sambaundoguididx (the script was renamed and reworked), but is not available in prior versions.

Post-downgrade

These scripts change to database format to conform to Samba 4.7 and prior. Upon starting the downgraded code using Samba, an auto-upgrade to the appropriate format for the running version may occur. Re-indexing may also occur and so in general, the domain controller may be running but out of operation for a brief period of time (auto-upgrade should take a few minutes at most for even very large instances).

Errors

4.11 -> 4.9

Starting Samba

Incorrect binary packing format

ldb: Invalid data for index  DN=@BASEINFO

===============================================================
INTERNAL ERROR: Signal 11 in pid XXXX (4.9.XXX)
Please read the Trouble-Shooting section of the Samba HOWTO
===============================================================

Make sure to run the downgradedatabase script before starting Samba with this version.

Python 2 vs Python 3

Traceback (most recent call last):
  File "source4/scripting/bin/sambadowngradedatabase", line 10, in <module>
    import samba
  File "bin/python/samba/__init__.py", line 28, in <module>
    import ldb
ImportError: dynamic module does not define module export function (PyInit_ldb)

If the following error occurs, try using a different version of Python than the one set by default.