commit 9304cb2912fb1b553171eae5c0e973ba6150a4bf
Author: Matthias Dieter Wallnöfer <mdw@samba.org>
Date:   Fri Mar 14 17:36:17 2014 +0100

    s4:samba-tool domain raise tool - handle Windows 2000 mode AD domains correctly
    
    Considering http://msdn.microsoft.com/en-us/library/cc220262.aspx they do not
    provide any "msDS-Behavior-Version" attributes.
    
    gulikoza <gulikoza@users.sourceforge.net> noticed this correctly.

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 62f8bfa..ddcdd25 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -1000,27 +1000,34 @@ class cmd_domain_level(Command):
           attrs=["msDS-Behavior-Version"])
         assert len(res_dc_s) >= 1
 
-        try:
+        # default values, since "msDS-Behavior-Version" does not exist on Windows 2000 AD
+        level_forest = DS_DOMAIN_FUNCTION_2000
+        level_domain = DS_DOMAIN_FUNCTION_2000
+
+        if "msDS-Behavior-Version" in res_forest[0]:
             level_forest = int(res_forest[0]["msDS-Behavior-Version"][0])
+        if "msDS-Behavior-Version" in res_domain[0]:
             level_domain = int(res_domain[0]["msDS-Behavior-Version"][0])
-            level_domain_mixed = int(res_domain[0]["nTMixedDomain"][0])
+        level_domain_mixed = int(res_domain[0]["nTMixedDomain"][0])
 
-            min_level_dc = int(res_dc_s[0]["msDS-Behavior-Version"][0]) # Init value
-            for msg in res_dc_s:
-                if int(msg["msDS-Behavior-Version"][0]) < min_level_dc:
+        min_level_dc = None
+        for msg in res_dc_s:
+            if "msDS-Behavior-Version" in msg:
+                if min_level_dc is None or int(msg["msDS-Behavior-Version"][0]) < min_level_dc:
                     min_level_dc = int(msg["msDS-Behavior-Version"][0])
+            else:
+                min_level_dc = DS_DOMAIN_FUNCTION_2000
+                # well, this is the least
+                break
 
-            if level_forest < 0 or level_domain < 0:
-                raise CommandError("Domain and/or forest function level(s) is/are invalid. Correct them or reprovision!")
-            if min_level_dc < 0:
-                raise CommandError("Lowest function level of a DC is invalid. Correct this or reprovision!")
-            if level_forest > level_domain:
-                raise CommandError("Forest function level is higher than the domain level(s). Correct this or reprovision!")
-            if level_domain > min_level_dc:
-                raise CommandError("Domain function level is higher than the lowest function level of a DC. Correct this or reprovision!")
-
-        except KeyError:
-            raise CommandError("Could not retrieve the actual domain, forest level and/or lowest DC function level!")
+        if level_forest < DS_DOMAIN_FUNCTION_2000 or level_domain < DS_DOMAIN_FUNCTION_2000:
+            raise CommandError("Domain and/or forest function level(s) is/are invalid. Correct them or reprovision!")
+        if min_level_dc < DS_DOMAIN_FUNCTION_2000:
+            raise CommandError("Lowest function level of a DC is invalid. Correct this or reprovision!")
+        if level_forest > level_domain:
+            raise CommandError("Forest function level is higher than the domain level(s). Correct this or reprovision!")
+        if level_domain > min_level_dc:
+            raise CommandError("Domain function level is higher than the lowest function level of a DC. Correct this or reprovision!")
 
         if subcommand == "show":
             self.message("Domain and forest function level for domain '%s'" % domain_dn)