[Samba] Integrating remote Samba DC in existing 2012R2 AD

Marc Muehlfeld mmuehlfeld at samba.org
Thu Oct 27 15:20:01 UTC 2016


Hi Bogdan,

On 27.10.2016 at 14:59, Bogdan Rudas via samba wrote:
> We have Windows-based AD with 2012R2 level. I would like to provide
> authentication and GPO in our new remote branch office. Basically, there
> are two ways:
> 1. Samba-only domain + trust relationship with main AD.
> 2. Remote Samba DC as members of existing AD maintaining same set of users.
> 
> FAQ says that 'trust' is useless due to group membership restrictions. But
> what about second option, does it make sense to use Samba as remote DC?
> What restrictions will be applied in this case?


Joining a Windows 2012R2 DC to a Samba-based AD currently fails:
https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012_/_2012_R2_DC_to_a_Samba_AD

But I recently successfully joined a Samba 4.5.0rc DC to a Windows-based
AD, when I rewrote:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
However, this was a test environment - but everything looked successful.

As mentioned in
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Preconditions
you require Samba >=4.5, because this version is the first that brings
AD schema 69 support. Additionally, you have to downgrade the forest
functional level to 2008_R2.

However, test the procedure before doing this in a production environment. :-)

Please let me know about success/failure or problems with the docs.


Regards,
Marc



