[Samba] rfc2307 deprecated in Windows 2012 R2?

Tim lists at kiuni.de
Thu Jan 29 15:27:56 MST 2015

I'd like to see it. How did you automate this?

In another thread I suggested to set the rfc2307 info automatically when a domain is provisioned with --use-rfc2307. Possibly by an additional parameter.
This would make things easier in my eyes.


Am 29. Januar 2015 22:02:14 MEZ, schrieb Hans-Kristian Bakke <hkbakke at gmail.com>:
>It is actually rather easy to set the attributes via powershell, and
>that is probably the best way to add them in a Server 2012 R2
>I wrote a powershell script to do this automatically for users and
>groups in an entire domain that should be pretty generic to be reused.
>It also mirrors the logic used in automatic winbind UID/GID generation
>to be able to coexist in an environment where not all hosts are
>migrated to rfc2307 yet. If you want it I can give it to you, but as
>you proably would want to write your own powershell-script you would
>set properties for users and groups using these two cmdlets and some
>foreach-logic looping over your search bases, users and groups:
>Set-ADUser -Identity $username -Replace
>Set-ADGroup -Identity $groupname -Replace @{gidNumber=$gid}
>On 29 January 2015 at 21:24, Lars Hanke <debian at lhanke.de> wrote:
>> Am 29.01.2015 um 21:12 schrieb Tim:
>>> But if they take it away how to set them in future?
>> If you need NIS, you probably have POSIX systems attached. So you can
>> set RFC2307 attributes from POSIX systems.
>>> Am 29. Januar 2015 19:50:22 MEZ, schrieb Andrew Bartlett
>>> <abartlet at samba.org>:
>>>> On Wed, 2015-01-28 at 17:22 +0100, Tim wrote:
>>>>> I got the chance to test samba 4 with windows 2012 R2 domain
>>>>> controller on its highest functional level.
>>>>> Possibly it's important to know that M$ says that the "server for
>>>>> Tools" which are needed to set rfc attributes are deprecated.
>>>>> I could install them but I can't choose a NIS domain anymore in
>>>>> attributes.
>>>>> Will we run into problems with samba4? Is it time for thinking
>>>> a
>>>>> new idmapping backend? I have an idea for this (based on rid
>>>>> but I like to know your thoughts.
>>>> Even if they take away the admin tools, the schema changes won't go
>>>> away, so don't worry.
>>>> --
>>>> Andrew Bartlett                       http://samba.org/~abartlet/
>>>> Authentication Developer, Samba Team  http://samba.org
>>>> Samba Developer, Catalyst IT
>>>> http://catalyst.net.nz/services/samba
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list