[Samba] Integrating remote Samba DC in existing 2012R2 AD

Marc Muehlfeld mmuehlfeld at samba.org
Thu Oct 27 15:20:01 UTC 2016

Hi Bogdan,

On 27.10.2016 at 14:59, Bogdan Rudas via samba wrote:
> We have Windows-based AD with 2012R2 level. I would like to provide
> authentication and GPO in our new remote branch office. Basically, there
> are two ways:
> 1. Samba-only domain + trust relationship with main AD.
> 2. Remote Samba DC as members of existing AD maintaining same set of users.
> FAQ says that 'trust' is useless due to group membership restrictions. But
> what about second option, does it make sense to use Samba as remote DC?
> What restrictions will be applied in this case?

Joining a Windows 2012R2 DC to a Samba-based AD currently fails:

But I recently successfully joined a Samba 4.5.0rc DC to a Windows-based
AD, when I rewrote:
However, this was a test environment - but everything looked successful.

As mentioned in
you require Samba >=4.5, because this version is the first that brings
AD schema 69 support. Additionally, you have to downgrade the forest
functional level to 2008_R2.

However, test the procedure before doing this in a production environment. :-)

Please let me know about success/failure or problems with the docs.

