Can we add the CA mastery or CA replica to an IPA v4 server that is a replica and later promote to CA mastery? We have a IPA v3 server that has been the only CA master for several years. We have a recent IPAv4 replica that was set up without
DNS or CA or NTP at the point of creation, so only the LDAP is in the replication agreement. We are trying to retire the IPA v3 servers and have a new replication pair in IPA v4 without breaking the realm and all our clients and users records. We keep running
into walls and roadblocks as we try to build a procedure we can execute in an off-hours maintenance window.
Steven Auerbach
Assistant Director of Information Systems
Information Technology & Security
State University System of Florida
Board of Governors
325 W. Gaines Street
Tallahassee, Florida 32399
(850) 245-9592
