Windows 2012 as a DC in a Samba AD
Marc Muehlfeld
mmuehlfeld at samba.org
Mon Dec 22 12:10:53 MST 2014
Hello,
because Windows 2008 is getting older and people may start asking for
2012 _as a DC_ in a Samba AD, I spend some time on researches about how
2012 R2 can be joined as a DC to a Samba based AD. And I wanted to share
my findings and invite to talk about possible improvements, to get this
working.
1.) Direct join of 2012 as DC to Samba AD is not possible, because it
requires WMI and DFS-R. But if you're having a 2008 DC in your domain as
well, you can do the join using this one for initial replication. :-)
2.) For the join of the first 2012 DC, an AD schema updates are
required. Samba doesn't seem to support the 2012(R2) schemas yet. If you
promote the 2008 DC as Schema and Infrastructure Master, the schema
update succeeds, but breaks AD replication with all Samba DCs and makes
your AD worthless!
In the end I can say: Yes, with some workarounds it's possible to join a
2012 R2 DC to Samba AD. But replication with Samba DCs will break, what
means your AD gets inconsistent/broken!
I wrote down my experiences of the only way I found for a join:
https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012_/_2012_R2_DC_to_a_Samba_AD
This isn't linked in the Wiki and I send this only to samba-technical as
a reference. Also I put many "don't do this!" and "breaks your AD!" to
the documentation. :-)
I know that the WMI and DFS-R support won't be soon in Samba. But maybe
a goal can be to handle the new schemas. Then the workaround with the
2008 DC for the first 2012 join could be a way, to provide 2012 DC
support. And 2012 DC Windows admins can migrate to Samba, too. ;-)
If someone is interested in more details, logs, etc., let me know.
Regards,
Marc
More information about the samba-technical
mailing list