s4:provision - Bump down the domain and forest level to Windows 2000

Andrew Bartlett abartlet at samba.org
Sun Sep 20 16:17:09 MDT 2009

On Fri, 2009-09-18 at 10:51 -0500, Matthias Dieter Wallnöfer wrote:

> commit 89f5df6fa7cca1aaec81e29b8777bab5b4068003
> Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
> Date:   Fri Sep 18 16:21:29 2009 +0200
>     s4:provision - Bump down the domain and forest level to Windows 2000
>     - The DC level we keep on Windows Server 2008 R2 (we should call ourself
>       always the newest server type)
>     - The domain/forest level we set to the minimum (Windows 2000 native) to
>       allow all AD DC types (from Windows 2000 on) in our domain - the NT4 "mixed"
>       mode isn't supported by us (discussed on mailing list) -> "nTMixedDomain" is
>       set always to 0
>     - I'll add a script which allows to bump the DC level (basically sets the
>       "msDS-Behaviour-Version" attributes on the "Partitions/Configuration/DC" and
>       on the "DC" object)


I'm puzzled as to why we needed to change the default functional level
here.  Perhaps I'm missing something, but what was wrong with the old

I'm quite happy to have options in our provision to set the domain
functional level (certainly between Windows 2003 and Windows 2008
level), and have scripts to change it, but the default should not be
changed without discussion on the list. 

Similarly, we should not advertise a higher server functional level
without carefully considering and discussing the consequences.   

I'm sorry to have to be so picky about this, but we need to work a bit
closer to review your changes for their broader impact.  We have a big
week of testing coming up at Microsoft, and changes like this mid-week
could really throw a spanner in the works. 

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090920/f3381292/attachment.pgp>

More information about the samba-technical mailing list