Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4623: Centrify Best Practice for upgrading Windows 2003R2 to Windows 2012R2

Authentication Service ,  

21 December,15 at 06:47 PM

Question:

What is the best practice when performing upgrade on AD schema from Windows 2003R2 to Windows 2012R2?  

 

Answer:

In Windows Server 2003, AES was not supported.  Windows Server 2008 and above introduced a new encryption type, AES, that can be used when Active Directory is running at Domain Controller Functional Level 2008 or 2012.  Centrify DirectControl 4.0.0 is not compatible with Windows 2012.  An upgrade for Centrify DirectControl running version 4.0.0 is needed.  Our latest version for Centrify DirectControl is suite 2014 (5.1.3).


Steps:

1.  Upgrade AD schema

2.  Upgrade Centrify DirectControl (a live upgrade can be done, after downloading the latest package, run the script "install.sh")

3.  On adclient, run as root to update keytab adding AES entries
# adkeytab –r -m  

4.  On the adclient, a restart is needed to cope with encryption type and computer password hash changes
# /usr/share/centrifydc/bin/centrifydc restart



 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-1645: Using AES encryption with Windows 2008 domains articleKB-3925: How to add Centrify parameter to a group policy articleKB-7334: Upgrading the Centrify agent for Mac articleKB-2018: Upgrade Domain Controller from W2K3 to W2K8/W2K8R2 articleKB-7737: Best practice options for Software vendors to identify Mac computers bound to Active Directory using Centrify articleKB-7437: Upgrading the server running the Centrify software from Windows 2008/2008 R2 to 2012/2012 R2 articleKB-2098: How to configure Windows 2008 R2 to support DES/nfsv4? articleKB-2019: Windows 2008 R2 does not support DES by default