Downgrading an Active Directory DC: Difference between revisions

From SambaWiki
Line 5: Line 5:
= Reliability of the two methods =
= Reliability of the two methods =


For the join method, this is intended to always work as newer versions should return more consistent results via replication and so the older version is more permissive. In practice, this method may be trickier due to needing orchestration, DNS record conflicts, naming and other topology related artifacts.
For the join method, this is intended to always work as newer versions should return more consistent results via replication and so the older version is more permissive. In practice, this method may be trickier due to needing orchestration, DNS record conflicts, naming and other topology related artifacts. It may take some additional time to stabilize across the network.


The 'in-place' method is described on the [[Updating_Samba#The_Update_Process|Updating Samba]] page as a standard method of updating. While updates tend to have code within the Samba daemon to auto-update underlying formats and discrepancies, or rely on the [[Updating_Samba#Samba_AD_DC_Database_Check|Samba AD DC database check]] tool, downgrades of certain versions may require additional tools to run (described on this page).
The 'in-place' method is described on the [[Updating_Samba#The_Update_Process|Updating Samba]] page as a standard method of updating. While updates tend to have code within the Samba daemon to auto-update underlying formats and discrepancies, or rely on the [[Updating_Samba#Samba_AD_DC_Database_Check|Samba AD DC database check]] tool, downgrades of certain versions may require additional tools to run (described on this page).

Revision as of 01:21, 4 July 2019

In general, there are two ways to upgrade or downgrade Samba AD DC. The first way is to replace the packages or binaries 'in-place', which may require additional steps to operate correctly. The second way is to join (or re-join) a new domain controller and optionally demoting any unused controllers.

Reliability of the two methods

For the join method, this is intended to always work as newer versions should return more consistent results via replication and so the older version is more permissive. In practice, this method may be trickier due to needing orchestration, DNS record conflicts, naming and other topology related artifacts. It may take some additional time to stabilize across the network.

The 'in-place' method is described on the Updating Samba page as a standard method of updating. While updates tend to have code within the Samba daemon to auto-update underlying formats and discrepancies, or rely on the Samba AD DC database check tool, downgrades of certain versions may require additional tools to run (described on this page).

Downgrade compatibility (4.7 - 4.11)

Downgrade table
AA BB CC DD CCC
SS III BB YY