23.1 Configuring AD 2012

Beginning with the OES 2015 SP1 May 2017 Hot Patch, you can perform the schema-level update on a single-server domain, a multi-server domain, or a multi-domain forest. The schema level and the domain and forest functional levels are raised to the AD 2012 equivalent with the domainUpgrade.pl script.

  1. To extend the schema to the AD 2012 level (the functional levels are raised in step 3), run the script first on the Primary Domain Controller and then on each Additional Domain Controller:

    # perl /opt/novell/xad/sbin/domainUpgrade.pl

    When prompted, enter the administrator password of the eDirectory tree.

  2. Restart all the DSfW services:

    # xadcntrl reload

  3. Update the Domain Functional Level and the Forest Functional Level:

    To raise the Domain Functional Level to AD 2012, run the script again with -D on the Primary Domain Controller of each domain:

    # perl /opt/novell/xad/sbin/domainUpgrade.pl -D

    To raise the Forest Functional Level to AD 2012, run the script again with -F on the Primary Domain Controller of the forest root domain:

    # perl /opt/novell/xad/sbin/domainUpgrade.pl -F

    NOTE: In a single-domain setup, run domainUpgrade.pl -D and then domainUpgrade.pl -F on the Primary Domain Controller, one after the other.

  4. After the domain is upgraded to AD 2012, reboot all workstations and member servers joined to the DSfW domain.

23.1.1 Validating the Schema Update

When the schema level is updated from AD 2003 to AD 2012, new object and attribute definitions are added. The following example uses one of the new attributes, msDS-SupportedEncryptionTypes, to validate the schema update. For comparison, use another DSfW server that is still at AD 2003 level as a reference server.

  1. After the update to AD 2012, the attribute msDS-SupportedEncryptionTypes appears in the /var/opt/novell/eDirectory/schema.log file.

  2. Verify that all the services are running:

    # xadcntrl status

  3. Log in to iManager using the domain or eDirectory credentials.

  4. Click Roles & Tasks > Schema > Attribute Information.

    The following new attributes are added to the schema:

    • msDS-SupportedEncryptionTypes

    • msDS-PasswordComplexityEnabled

    • msDS-PasswordHistoryLength

    • msDS-PasswordRevEncEnabled

    • msDS-PasswordSettingsPrecedence

    These attributes are not present in the schema of a server at AD 2003 level.

  5. Export the schema on the server by using the command:

    # ldapsearch -b cn=schema -s base -x -o ldif-wrap=200 > /tmp/after-schema-upgrade

  6. Check the dump file /tmp/after-schema-upgrade for the new attributes. They are not present in a schema dump taken the same way from the reference server.
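The comparison in steps 5 and 6 can be scripted rather than read by eye. The following is an added example, not code from the OES documentation or from DSfW: it compares a schema dump from the reference server with the dump taken after the upgrade, lists the attribute types that exist only after the upgrade, and checks that the five attributes named above are defined. The two LDIF dumps embedded in it are constructed for the example (the msDS OIDs in them are placeholders), and it assumes both dumps were produced with the ldapsearch command from step 5.

```shell
#!/bin/sh
# Added example, not from the OES documentation: compare the schema dump of a
# reference DSfW server still at AD 2003 level with the dump taken after the
# upgrade, and confirm the AD 2012 attributes named above are present.
# Both dumps are expected in the form produced by:
#   ldapsearch -b cn=schema -s base -x -o ldif-wrap=200 > /tmp/after-schema-upgrade
set -u
LC_ALL=C; export LC_ALL   # fixed collation so sort/grep behave the same everywhere

# Attributes the page lists as new at the AD 2012 schema level.
EXPECTED_2012_ATTRS='msDS-SupportedEncryptionTypes
msDS-PasswordComplexityEnabled
msDS-PasswordHistoryLength
msDS-PasswordRevEncEnabled
msDS-PasswordSettingsPrecedence'

# Join LDIF continuation lines (a leading space continues the previous line).
ldif_unwrap() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' "$1"
}

# Print the NAME of every attributeTypes definition in a schema dump, sorted.
# The first quoted token after the NAME keyword is taken, so DESC strings and
# the eDirectory X-NDS_NAME extension are not mistaken for the name.
schema_attr_names() {
    ldif_unwrap "$1" \
    | grep -i '^attributeTypes:' \
    | sed -n "s/^[^']*[[:space:]]NAME[[:space:]]*(\{0,1\}[[:space:]]*'\([^']*\)'.*/\1/p" \
    | sort -u
}

# Print names present in the upgraded dump ($2) but absent from the reference
# dump ($1). LDAP attribute names are case-insensitive, so compare that way.
schema_new_attrs() {
    ref_names=$(mktemp)
    schema_attr_names "$1" >"$ref_names"
    schema_attr_names "$2" | grep -ivxF -f "$ref_names" || true   # grep exits 1 if nothing is new
    rm -f "$ref_names"
}

# Exit 0 if every expected AD 2012 attribute is defined in the dump; otherwise
# print the missing ones and exit 1.
schema_has_2012_attrs() {
    names=$(schema_attr_names "$1")
    rc=0
    for a in $EXPECTED_2012_ATTRS; do
        if ! printf '%s\n' "$names" | grep -qixF "$a"; then
            echo "missing: $a"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample dumps standing in for real ldapsearch output; the msDS
# OIDs are placeholders, not the real ones. The upgraded dump wraps one
# definition across two lines to exercise the LDIF unwrapping.
write_sample_dumps() {
    cat >"$1" <<'EOF'
dn: cn=schema
attributeTypes: ( 2.5.4.3 NAME 'cn' DESC 'Standard Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-NDS_NAME 'CN' )
attributeTypes: ( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
EOF
    cat >"$2" <<'EOF'
dn: cn=schema
attributeTypes: ( 2.5.4.3 NAME 'cn' DESC 'Standard Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-NDS_NAME 'CN' )
attributeTypes: ( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.99999.1 NAME 'msDS-SupportedEncryptionTypes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.99999.2 NAME 'msDS-PasswordComplexityEnabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.99999.3 NAME 'msDS-PasswordHistoryLength' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.99999.4 NAME 'msDS-PasswordRevEncEnabled'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.99999.5 NAME 'msDS-PasswordSettingsPrecedence' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
EOF
}

main() {
    ref=$(mktemp); upg=$(mktemp)
    write_sample_dumps "$ref" "$upg"
    echo "attributes present only after the upgrade:"
    schema_new_attrs "$ref" "$upg"
    schema_has_2012_attrs "$upg" && echo "upgraded dump: all AD 2012 attributes present"
    schema_has_2012_attrs "$ref" >/dev/null || echo "reference dump: AD 2012 attributes absent, as expected at AD 2003 level"
    rm -f "$ref" "$upg"
}
main
```

Against real servers, replace the two sample files with /tmp/after-schema-upgrade from the upgraded server and the equivalent dump from the reference server. The unwrapping step matters even with -o ldif-wrap=200, because eDirectory attribute definitions that carry long DESC or X-NDS_ extensions can still exceed that width and be continued on the next line.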

23.1.2 Validating Domain and Forest Functional Level

Domain Functional Level refers to a set of attribute values that let applications determine the functional level of the domain, that is, whether it is at the AD 2003 or the AD 2012 level.

To validate the Domain Functional Level: in the MMC on a Windows 10 workstation, open Active Directory Domains and Trusts, right-click the domain, then select Raise Domain Functional Level.

A message displays the current domain functional level: AD 2012 for the updated server and AD 2003 for the reference server used for validation.

To validate the Forest Functional Level: on the forest root domain server, execute the following LDAP search. Use -W to be prompted for the password; -w <password> would leave the tree administrator's password in the shell history and the process list.

ldapsearch -LLL -x -D <tree admin> -W -b cn=Partitions,cn=Configuration,<domain partition> -s base msDS-Behavior-Version

The returned msDS-Behavior-Version must be 5, the value that denotes the AD 2012 level.
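The forest-level check above can be automated so that it fails loudly when the attribute is missing or still at the old value. The following is an added example, not code from the OES documentation or from DSfW: it reads msDS-Behavior-Version out of the LDIF that the ldapsearch above returns and translates the number into the functional level it denotes. The value table is Active Directory's numbering for this attribute; the two LDIF samples are constructed for the example rather than captured from a DSfW server.

```shell
#!/bin/sh
# Added example, not from the OES documentation: read the msDS-Behavior-Version
# value out of the LDIF that the forest-level ldapsearch above returns and
# translate it into the functional level it denotes. The value table is
# Active Directory's numbering for this attribute; the LDIF samples are
# constructed for this example, not captured from a DSfW server.
set -u

# Active Directory's msDS-Behavior-Version numbering.
behavior_version_name() {
    case "$1" in
        0) echo "Windows 2000" ;;
        1) echo "Windows Server 2003 interim" ;;
        2) echo "Windows Server 2003" ;;
        3) echo "Windows Server 2008" ;;
        4) echo "Windows Server 2008 R2" ;;
        5) echo "Windows Server 2012" ;;
        6) echo "Windows Server 2012 R2" ;;
        7) echo "Windows Server 2016" ;;
        *) echo "unknown ($1)" ;;
    esac
}

# Print the msDS-Behavior-Version value from LDIF on stdin. The attribute name
# is matched case-insensitively: the query can be typed either way and LDAP
# treats both the same.
behavior_version_from_ldif() {
    awk -F': *' 'tolower($1) == "msds-behavior-version" { print $2; exit }'
}

# Read LDIF from stdin, report the level for $1 (a label such as "forest") and
# exit 0 only if it is at least $2 (default 5, the AD 2012 level).
check_functional_level() {
    scope="$1"; target="${2:-5}"
    level=$(behavior_version_from_ldif)
    if [ -z "$level" ]; then
        echo "$scope: msDS-Behavior-Version not returned; check the base DN and bind credentials"
        return 1
    fi
    echo "$scope: msDS-Behavior-Version=$level ($(behavior_version_name "$level"))"
    [ "$level" -ge "$target" ]
}

# Constructed samples standing in for the output of
#   ldapsearch -LLL -x -D <tree admin> -W -b cn=Partitions,cn=Configuration,<domain partition> -s base msDS-Behavior-Version
# on an upgraded forest root and on a reference server still at AD 2003 level
# (dc=example,dc=com is a placeholder domain partition).
SAMPLE_UPGRADED='dn: cn=Partitions,cn=Configuration,dc=example,dc=com
msDS-Behavior-Version: 5'
SAMPLE_REFERENCE='dn: cn=Partitions,cn=Configuration,dc=example,dc=com
msDS-Behavior-Version: 2'

main() {
    printf '%s\n' "$SAMPLE_UPGRADED" | check_functional_level "forest (upgraded)"
    printf '%s\n' "$SAMPLE_REFERENCE" | check_functional_level "forest (reference)" \
        || echo "reference server is below AD 2012, as expected"
    # Against a live server, pipe the real query in instead of the sample:
    #   ldapsearch -LLL -x -D "$ADMIN_DN" -W -b "cn=Partitions,cn=Configuration,$DOMAIN_DN" \
    #       -s base msDS-Behavior-Version | check_functional_level forest
}
main
```

The check treats a missing attribute as a failure rather than as "not upgraded", because an empty result usually means a wrong base DN or a failed bind, not a forest at the old level. On Active Directory the same attribute on the domain's root object (the <domain partition> DN itself) reports the domain functional level; whether DSfW exposes it there is an assumption this page does not confirm, so the MMC procedure above remains the documented check for the domain level.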