Windows 2000 support

Rowland Penny repenny241155 at
Fri Apr 8 20:17:02 UTC 2016

On 08/04/16 21:02, Andrew Bartlett wrote:
> On Fri, 2016-04-08 at 19:06 +0100, Rowland Penny wrote:
>> On 08/04/16 18:52, Thomas Schulz wrote:
>>> In the thread titled
>>> '[PATCH] samba-tool throws error if there is an empty FSMO role'
>>> Rowland asked:
>>>> Also would this be a good time to start discussing dropping
>>>> support for
>>>> '2000', Microsoft dropped support for it nearly 6yrs ago, you
>>>> have to
>>>> actively select the 2000 function level at provision and who is
>>>> likely
>>>> to do that ?
>>> We have a domain with a Windows 2000 Server system as the domain
>>> controller.
>>> Awhile back I tried to set up Samba 4.1.something as an additional
>>> domain controller to provide some redundancy if the Windows 2000
>>> machine
>>> went down. I was not sucessfull as replication did not work from
>>> the
>>> Samba DC back to the Windows DC. After working on it for awhile I
>>> gave
>>> up on it. Is there some special 2000 function level that I could
>>> have
>>> selected that would have made things work?
>>> I know that it is a very bad thing to rely on Windows 2000 Serever
>>> on a
>>> 15 year old computer, but for several reasons we can not update it.
>>> We reciently went out and bought a full set of spare parts for the
>>> machine so that we can fix any failures.
>>> Tom Schulz
>>> Applied Dynamics Intl.
>>> schulz at
>> What I meant was, and said so in a roundabout way, should we drop
>> support for 'provisioning' a *new* domain as function level '2000'.
>> Obviously there will be cases of people wanting to join a Samba AD
>> machine to a 2000 server and this should be supported as a way for
>> users
>> to upgrade to an higher function level.
> The issue there is that if we do that, we loose the ability to test if
> we can run in such an environment.   Indeed, we probably should ensure
> our join code uses that.

Patches are always welcome :-)

> One of the more important differences is the lack of msDS-IntID
> support, which is an important issue in extended schema replication.
>>    It sounds like I need to re-visit the code and make it (if
>> possible) 2000 aware (i.e. no DNS roles)
> In that case, there are other ways to have no DNS roles, like having
> once been a 2000 domain (even if upgraded) or a provision with --dns
> -backend=BIND9_DLZ or NONE.  The fl2000 environment was just the easy
> example you could work with.
> Thanks!
> Andrew Bartlett

Is there any setting I can easily test for that will tell if there is no 
DNS ? apart from the function level.


More information about the samba-technical mailing list