[Samba] Integrating remote Samba DC in existing 2012R2 AD
mmuehlfeld at samba.org
Thu Oct 27 15:20:01 UTC 2016
Am 27.10.2016 um 14:59 schrieb Bogdan Rudas via samba:
> We have Windows-base AD with 2012R2 level. I would like to provide
> authentication and GPO in our new remote branch office. Basically, there
> are two ways:
> 1. Samba-only domain + trust relationship main AD.
> 2. Remote Samba DC as members of existing AD maintainig same set of users.
> FAQ says that 'trust' is useless due to group membership restrictions. But
> what about second option, does it make sense to use Samba as remote DC?
> What restrictions will be applied in this case?
Joining a Windows 2012R2 DC to a Samba-based AD currently fails:
But I recently successfully joined a Samba 4.5.0rc DC to a Windows-based
AD, when I rewrote:
However, this was a test environment - but everything looked successful.
As mentioned in
you require Samba >=4.5, because this version is the first that brings
AD schema 69 support. Additionally, you have to downgrade the forest
functional level to 2008_R2.
However, test the procedure before doing this production environment. :-)
Please let me know about success/failure or problems with the docs.
More information about the samba