Can we add the CA mastery or CA replica to an IPA v4 server that is a replica and later promote to CA mastery?  We have a IPA v3 server that has been the only CA master for several years. We have a recent IPAv4 replica that was set up without DNS or CA or NTP at the point of creation, so only the LDAP is in the replication agreement. We are trying to retire the IPA v3 servers and have a new replication pair in IPA v4 without breaking the realm and all our clients and users records.  We keep running into walls and roadblocks as we try to build a procedure we can execute in an off-hours maintenance window.

*Steven Auerbach* *Assistant Director of Information Systems* *Information Technology & Security*** ** State University System of Florida Board of Governors 325 W. Gaines Street Tallahassee, Florida 32399 (850) 245-9592 www.flbog.edu <http://www.flbog.edu/> Graphic for Email _______________________________________________ FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...