Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4623: Centrify Best Practice for upgrading Windows 2003R2 to Windows 2012R2

Authentication Service ,  

21 December,15 at 06:47 PM

Question:

What is the best practice when performing upgrade on AD schema from Windows 2003R2 to Windows 2012R2?  

 

Answer:

In Windows Server 2003, AES was not supported.  Windows Server 2008 and above introduced a new encryption type, AES, that can be used when Active Directory is running at Domain Controller Functional Level 2008 or 2012.  Centrify DirectControl 4.0.0 is not compatible with Windows 2012.  An upgrade for Centrify DirectControl running version 4.0.0 is needed.  Our latest version for Centrify DirectControl is suite 2014 (5.1.3).


Steps:

1.  Upgrade AD schema

2.  Upgrade Centrify DirectControl (a live upgrade can be done, after downloading the latest package, run the script "install.sh")

3.  On adclient, run as root to update keytab adding AES entries
# adkeytab –r -m  

4.  On the adclient, a restart is needed to cope with encryption type and computer password hash changes
# /usr/share/centrifydc/bin/centrifydc restart



 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 article[Basics] Understanding how Active Directory Functional Levels affect Centrified Systems articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) article[Labs] Installing Centrify Privilege Service + High-Availability with Windows Failover Clustering articleKB-1645: Using AES encryption with Windows 2008 domains article[Labs] Setting-up an AWS Test Lab for Centrify article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part I article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part II articleKB-3925: How to add Centrify parameter to a group policy article[Basics] Centrify Zone schemas, UNIX identity data sourcing and provisioning - Part I