[Samba] rfc2307 deprecated in Windows 2012 R2?

Hans-Kristian Bakke hkbakke at gmail.com
Thu Jan 29 14:02:14 MST 2015

It is actually rather easy to set the attributes via powershell, and
that is probably the best way to add them in a Server 2012 R2

I wrote a powershell script to do this automatically for users and
groups in an entire domain that should be pretty generic to be reused.
It also mirrors the logic used in automatic winbind UID/GID generation
to be able to coexist in an environment where not all hosts are
migrated to rfc2307 yet. If you want it I can give it to you, but as
you proably would want to write your own powershell-script you would
set properties for users and groups using these two cmdlets and some
foreach-logic looping over your search bases, users and groups:

Set-ADUser -Identity $username -Replace

Set-ADGroup -Identity $groupname -Replace @{gidNumber=$gid}

On 29 January 2015 at 21:24, Lars Hanke <debian at lhanke.de> wrote:
> Am 29.01.2015 um 21:12 schrieb Tim:
>> But if they take it away how to set them in future?
> If you need NIS, you probably have POSIX systems attached. So you can always
> set RFC2307 attributes from POSIX systems.
>> Am 29. Januar 2015 19:50:22 MEZ, schrieb Andrew Bartlett
>> <abartlet at samba.org>:
>>> On Wed, 2015-01-28 at 17:22 +0100, Tim wrote:
>>>> I got the chance to test samba 4 with windows 2012 R2 domain
>>>> controller on its highest functional level.
>>>> Possibly it's important to know that M$ says that the "server for NIS
>>>> Tools" which are needed to set rfc attributes are deprecated.
>>>> I could install them but I can't choose a NIS domain anymore in Unix
>>>> attributes.
>>>> Will we run into problems with samba4? Is it time for thinking about
>>> a
>>>> new idmapping backend? I have an idea for this (based on rid module)
>>>> but I like to know your thoughts.
>>> Even if they take away the admin tools, the schema changes won't go
>>> away, so don't worry.
>>> --
>>> Andrew Bartlett                       http://samba.org/~abartlet/
>>> Authentication Developer, Samba Team  http://samba.org
>>> Samba Developer, Catalyst IT
>>> http://catalyst.net.nz/services/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list