[Samba] Lowest functional level 2000 (4.6.4)
Rowland Penny
rpenny at samba.org
Mon Jun 5 13:52:33 UTC 2017
On Mon, 5 Jun 2017 13:29:10 +0100
Danny Tipple via samba <samba at lists.samba.org> wrote:
> I have a samba dc which i recently upgraded to 4.6.4. I was looking
> at updating the functional level as it currently returns:
>
> Forest function level: (Windows) 2000
> Domain function level: (Windows) 2000
> Lowest function level of a DC: (Windows) 2000
>
> There is only a single DC (this host).
>
> According to the documentation 2000 isn’t even supported anymore:
> https://wiki.samba.org/index.php/Raising_the_Functional_Levels
> <https://wiki.samba.org/index.php/Raising_the_Functional_Levels>
>
> <https://wiki.samba.org/index.php/Raising_the_Functional_Levels>
> Any attempt to raise the level with samba-tool returns:
>
> Domain function level can't be higher than the lowest function level
> of a DC!
>
> The fsmo roles are as follows:
>
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
> DomainDnsZonesMasterRole: * The 'domaindns' role is not present in
> this domain ForestDnsZonesMasterRole: * The 'forestdns' role is not
> present in this domain
>
> Do i need to downgrade samba in order to ‘upgrade’ past 2000? Was
> support/raising from 2000 removed at some point?
How did you manage to get a Samba AD DC with level 2000 ? The only way I
can think of is, you joined Samba to an existing windows DC.
There is a thread about this, here:
https://lists.samba.org/archive/samba-technical/2014-March/098335.html
Sorry, but it doesn't look like a cure was found.
You probably have the wrong schema and no DNS in AD.
Rowland
More information about the samba
mailing list