What is the best practice when upgrading the AD schema from Windows 2003R2 to Windows 2012R2?
In Windows Server 2003, AES was not supported. Windows Server 2008 and above introduced a new encryption type, AES, that can be used when Active Directory is running at Domain Controller Functional Level 2008 or 2012. Centrify DirectControl 4.0.0 is not compatible with Windows 2012, so systems running Centrify DirectControl 4.0.0 need to be upgraded. Our latest version of Centrify DirectControl is Suite 2014 (5.1.3).
1. Upgrade the AD schema.
2. Upgrade Centrify DirectControl (a live upgrade can be done: after downloading the latest package, run the script "install.sh").
3. On the adclient, run the following as root to update the keytab, adding AES entries:
   # adkeytab -r -m
4. On the adclient, a restart is needed to cope with the encryption type and computer password hash changes:
   # /usr/share/centrifydc/bin/centrifydc restart
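A check to run after step 3, given here as an added example and not taken from Centrify's documentation: the function reads `klist -ke` output and lists every principal that still has no AES key. It assumes MIT-style `klist -ke` output without timestamps and a keytab at /etc/krb5.keytab; the function names, hostnames and sample data are constructed.

```shell
#!/bin/sh
# Added example (not Centrify code): find keytab principals with no AES key.
# Assumed input format, one entry per line: "<kvno> <principal> (<enctype>)".

# Reads `klist -ke` output on stdin and prints each principal lacking AES.
# Exit status: 0 = every principal has an AES key, 1 = at least one does not,
# 2 = no keytab entries were parsed (wrong file or unexpected format).
principals_without_aes() {
    awk '
        # Entry lines start with a numeric KVNO; header lines are skipped.
        $1 ~ /^[0-9]+$/ && NF >= 3 {
            princ = $2
            seen[princ] = 1
            # Keep only the parenthesised enctype; this matches both the short
            # (aes256-cts-hmac-sha1-96) and long (AES-256 CTS mode ...) names.
            etype = tolower($0)
            sub(/^[^(]*\(/, "", etype)
            if (etype ~ /^aes/) aes[princ] = 1
        }
        END {
            n = 0; missing = 0
            for (p in seen) { n++; if (!(p in aes)) { print p; missing++ } }
            if (n == 0) exit 2
            exit (missing > 0)
        }
    '
}

# Constructed sample: a keytab where the host principal has only RC4/DES keys,
# as it would before step 3, while the nfs principal already has AES.
sample_klist_output() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------------------
   2 host/unix01.example.com@EXAMPLE.COM (arcfour-hmac)
   2 host/unix01.example.com@EXAMPLE.COM (des-cbc-md5)
   2 nfs/unix01.example.com@EXAMPLE.COM (arcfour-hmac)
   2 nfs/unix01.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
EOF
}

# On a real host, as root: klist -ke /etc/krb5.keytab | principals_without_aes
sample_klist_output | principals_without_aes ||
    echo "keytab still has principals without AES keys"
```

An exit status of 2 means nothing was parsed, which should be treated as a failed check, not as a clean keytab.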