How functional levels work (was: Re: Provision bug ????)
Andrew Bartlett
abartlet at samba.org
Sun Apr 10 19:15:17 UTC 2016
On Sun, 2016-04-10 at 12:11 +0100, Rowland Penny wrote:
> OK, whilst trying to write 'fsmo.py' yet again, taking into account
> that
> there may not be any dns zones, I provisioned a new domain with this:
>
> samba-tool domain provision --use-rfc2307 --use-xattrs=yes
> --realm=SAMBA.TEST.TLD --domain=SAMBA --server-role=dc
> --function-level=2000 --adminpass=XXXXXXXXXX
>
> When I checked with:
>
> ldbsearch -H /usr/local/samba/private/sam.ldb -b
> "CN=Sites,CN=configuration,DC=samba,DC=test,DC=tld" -s sub
> '(objectclass=nTDSDSA)'
>
> Amongst the results, I found this:
>
> msDS-Behavior-Version: 4
I'm presuming this is on the DC object?
> I sort of expected it not to be there, or set to '0'
>
> so I ran:
>
> root at dc2000a:~# samba-tool domain level show
> Domain and forest function level for domain 'DC=samba,DC=test,DC=tld'
>
> Forest function level: (Windows) 2000
> Domain function level: (Windows) 2000
> Lowest function level of a DC: (Windows) 2008 R2
>
>
> OK, how can the only DC in a domain have a lowest function level that
> is
> higher than the domain or forest level ?? or am I missing something ?
The DC functional level is (emulating) the software version of windows
it is. It tells you how high you can move the forest and domain
functional levels, because of course you can't have them higher than
the lowest (oldest) server.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list