DsAddEntry Failed...

R. Rochte rochte at gmail.com
Mon Nov 26 14:23:23 MST 2012


Scratch all of that - problem solved.  AD was running with "2003 interim"
functionality (it had been upgraded from an NT domain and still had one
legacy NT DC on the network).  Once it was upgraded to full 2003
functionality, the problem went away.

-R

On Mon, Nov 26, 2012 at 9:57 AM, R. Rochte <rochte at gmail.com> wrote:

> Also, this was recorded in the Directory Service log on my Windows DC:
>
> The request to add a new NTDS Settings object was denied because the
> highest functional level supported by the operating system was lower than
> the functional level of the domain or forest.
>
>
>
> Highest functional level of the operating system:
>
> 0
>
> Domain or forest functional level:
>
> 1
>
>
>
> User Action
>
> Install the correct operating system.
>
>
> On Mon, Nov 26, 2012 at 9:23 AM, R. Rochte <rochte at gmail.com> wrote:
>
>> Whilst attempting to join a Samba 4 box to an existing AD as an
>> additional domain controller, I received an error stating that the
>> "DsAddEntry failed".  Text below is copied from my attempt - domain name
>> has been replaced with "mydomain.org".   -R
>>
>>
>> root at thor:/usr/local/samba# bin/samba-tool domain join
>> school.mydomain.org DC -Uadministrator --realm=school.mydomain.org
>> Finding a writeable DC for domain 'school.mydomain.org'
>> Found DC helg.school.mydomain.org
>> Password for [WORKGROUP\administrator]:
>> workgroup is GPA
>> realm is school.mydomain.org
>> checking sAMAccountName
>> Deleted CN=THOR,CN=Computers,DC=school,DC=mydomain,DC=org
>> Adding CN=THOR,OU=Domain Controllers,DC=school,DC=mydomain,DC=org
>> Adding
>> CN=THOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=mydomain,DC=org
>> Adding CN=NTDS
>> Settings,CN=THOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=mydomain,DC=org
>> DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
>> 'WERR_DS_INCOMPATIBLE_VERSION')
>> Join failed - cleaning up
>> checking sAMAccountName
>> Deleted CN=THOR,OU=Domain Controllers,DC=school,DC=mydomain,DC=org
>> Deleted
>> CN=THOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=mydomain,DC=org
>> ERROR(runtime): uncaught exception - DsAddEntry failed
>>   File
>> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>>     return self.run(*args, **kwargs)
>>   File
>> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line
>> 552, in run
>>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>>   File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", line
>> 1104, in join_DC
>>     ctx.do_join()
>>   File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", line
>> 1007, in do_join
>>     ctx.join_add_objects()
>>   File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", line
>> 525, in join_add_objects
>>     ctx.join_add_ntdsdsa()
>>   File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", line
>> 458, in join_add_ntdsdsa
>>     ctx.DsAddEntry([rec])
>>   File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", line
>> 421, in DsAddEntry
>>     raise RuntimeError("DsAddEntry failed")
>>
>>
>


More information about the samba-technical mailing list