[Samba] Azure AD Connect

gabben gabbenx at gmail.com
Mon Mar 30 17:51:24 UTC 2020

We had to join a W2012 AD server to our domain in order for the password hash syncing to function properly. 

The Windows AD Sync software can run on any domain member Windows machine, and it will sync everything (except passwords) you configure it to sync from a pure Samba controlled domain, but it will throw errors about password hash sync.

We most recently tried the sync against our Samba only domain while on the 4.11 release series (4.11.4 I believe)  in fall/winter of last year, and then installed W2012 as a DC and the password hash syncing started working once we pointed the AD sync software at the Windows DC.

I would be so excited if the Samba developers would look into this and update samba so the password hash sync functionality works against a Samba DC. 

The presence of the Windows 2012 server as a DC has caused various problems, like it has problems with replication after we demote and promote one of the Samba DCs. I’d love to get rid of it again. It needs more attention, care, and feeding than the Samba DCs.

Good luck.

> On Mar 30, 2020, at 6:05 AM, Marcio Merlone via samba <samba at lists.samba.org> wrote:
> some not-so-old posts there is a problem syncing password hashes, but since samba is an ever evolving solution I would like to know how are you dealing with this?

More information about the samba mailing list