How functional levels work
Rowland Penny
repenny241155 at gmail.com
Mon Apr 11 06:56:15 UTC 2016
On 11/04/16 06:31, Michael Adam wrote:
> On 2016-04-10 at 20:29 +0100, Rowland Penny wrote:
>> On 10/04/16 20:15, Andrew Bartlett wrote:
>>> On Sun, 2016-04-10 at 12:11 +0100, Rowland Penny wrote:
>>>> root at dc2000a:~# samba-tool domain level show
>>>> Domain and forest function level for domain 'DC=samba,DC=test,DC=tld'
>>>>
>>>> Forest function level: (Windows) 2000
>>>> Domain function level: (Windows) 2000
>>>> Lowest function level of a DC: (Windows) 2008 R2
>>>>
>>>> OK, how can the only DC in a domain have a lowest function
>>>> level that is higher than the domain or forest level ??
>>>> or am I missing something ?
> This says that there is no DC in the domain
> (or forest?) that is of level lower than 2008 R2.
> But the domain and forest are still configured to
> only use 2000 level functionality, hence allowing
> for older DCs. That is no contradiction:
Ah, light dawns (I think), when you say 'level lower than 2008 R2', this
means 'The highest level of DC you can join is 2008 R2, but it will
function as a 2000 server'.
Rowland
>
> These per domain and forest settings are explicitly
> configurable. These settings of domain and forest
> functional level set minimum levels for DCs of the
> domain / forest. But the de facto lower bound for
> functional level of existing DCs in a domain/forest
> does not implicitly set the domain/forest bound.
>
> E.g. a domain with functional level 2000 can have
> only DCs of level 2008R2 or newer, but a domain of
> level 2008R2 can not have a DC of level 2003.
>
> Cheers - Michael
More information about the samba-technical
mailing list