How functional levels work

Rowland Penny repenny241155 at gmail.com
Mon Apr 11 07:09:32 UTC 2016


On 11/04/16 08:03, Michael Adam wrote:
> On 2016-04-11 at 07:56 +0100, Rowland Penny wrote:
>> On 11/04/16 06:31, Michael Adam wrote:
>>> On 2016-04-10 at 20:29 +0100, Rowland Penny wrote:
>>>> On 10/04/16 20:15, Andrew Bartlett wrote:
>>>>> On Sun, 2016-04-10 at 12:11 +0100, Rowland Penny wrote:
>>>>>> root at dc2000a:~# samba-tool domain level show
>>>>>> Domain and forest function level for domain 'DC=samba,DC=test,DC=tld'
>>>>>>
>>>>>> Forest function level: (Windows) 2000
>>>>>> Domain function level: (Windows) 2000
>>>>>> Lowest function level of a DC: (Windows) 2008 R2
>>>>>>
>>>>>> OK, how can the only DC in a domain have a lowest function
>>>>>> level that is higher than the domain or forest level ??
>>>>>> or am I missing something ?
>>> This says that there is no DC in the domain
>>> (or forest?) that is of level lower than 2008 R2.
>>> But the domain and forest are still configured to
>>> only use 2000 level functionality, hence allowing
>>> for older DCs. That is no contradiction:
>> Ah, light dawns (I think), when you say 'level lower than 2008 R2', this
>> means 'The highest level of DC you can join is 2008 R2, but it will function
>> as a 2000 server'.
> Essentially, yes. The advanced features will only be
> enabled once the domain (or forest) functional level
> is raised.
>
> See
>
> https://technet.microsoft.com/en-us/library/cc787290%28v=ws.10%29.aspx
>
> and
>
> https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels%28v=ws.10%29.aspx
>
> Cheers - Michael

Of course, you could just have said 'Microsoft named the attribute' and
a better name would have been 'ms-highest-dc-you-can-join', after all,
they have form for mis-naming attributes :-D

Rowland
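
Added example, not part of the original thread and not Samba's own code: it parses the `samba-tool domain level show` output quoted above and checks the ordering Michael describes (forest level <= domain level <= lowest DC level), reporting how far the domain level could still be raised. The ordered level list and all function names are assumptions made for illustration.

```python
import re

# Assumption: level names, oldest to newest, in the "(Windows) <name>" form
# that appears in the output quoted in this thread.
LEVELS = ["2000", "2003", "2008", "2008 R2", "2012", "2012 R2", "2016"]
KEYS = {
    "Forest function level": "forest",
    "Domain function level": "domain",
    "Lowest function level of a DC": "lowest_dc",
}
LINE_RE = re.compile(r"^(%s):\s*\(Windows\)\s*(.+?)\s*$" % "|".join(KEYS))

# Output as quoted in the thread above.
THREAD_OUTPUT = """\
Forest function level: (Windows) 2000
Domain function level: (Windows) 2000
Lowest function level of a DC: (Windows) 2008 R2
"""

def parse_levels(text):
    """Return {'forest': i, 'domain': i, 'lowest_dc': i} as indexes into LEVELS."""
    found = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.lstrip("> ").rstrip())  # tolerate mail quoting
        if m:
            if m.group(2) not in LEVELS:
                raise ValueError("unknown level: %r" % m.group(2))
            found[KEYS[m.group(1)]] = LEVELS.index(m.group(2))
    missing = sorted(set(KEYS.values()) - set(found))
    if missing:
        raise ValueError("missing lines for: %s" % ", ".join(missing))
    return found

def assess(text):
    """Check forest <= domain <= lowest DC and report the unused headroom."""
    lv = parse_levels(text)
    problems = []
    if lv["forest"] > lv["domain"]:
        problems.append("forest level is above the domain level")
    if lv["domain"] > lv["lowest_dc"]:
        problems.append("domain level is above the lowest DC level")
    return {
        "consistent": not problems,
        "problems": problems,
        "domain_level_ceiling": LEVELS[lv["lowest_dc"]],
        "levels_of_headroom": lv["lowest_dc"] - lv["domain"],
    }

if __name__ == "__main__":
    print(assess(THREAD_OUTPUT))
```

For the output in this thread the result is consistent, with a ceiling of 2008 R2 and three levels of headroom above the configured 2000 level.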


