[Samba] Azure AD Connect but domain functional level 2012_R2 not yet supported?
Andrew Martin
amartin at xes-inc.com
Thu Jun 24 14:40:57 UTC 2021
Hello,
I am interested in following the instructions here to test out Azure AD Connect
with local Samba DCs:
https://wiki.samba.org/index.php/Azure_AD_Sync
Per the above instructions, it looks like the domain functional level needs to
be raised to 2012_R2, but according to these pages, 2012_R2 is not supported yet
on Samba DCs:
https://wiki.samba.org/index.php/Raising_the_Functional_Levels#Supported_Functional_Levels
https://lists.samba.org/archive/samba/2019-June/223643.html
Is there an ETA for support for 2012_R2?
Or, does Azure AD Connect only require that the Schema Level and Preparation
Level be raised to 2012_R2, but not the Functional Level? (the difference
between these 3 features is defined in the link below)
https://wiki.samba.org/index.php/Windows_2012_Server_compatibility#Overview
If so, what are the consequences of running the Schema Level and Preparation
Level at different values from the Functional Level (leaving the latter at
2008_R2)? It seems like running these at different values wouldn't be a
recommended configuration.
Moreover, what is the safe and correct way to raise any of these levels?
According to the following page, using samba-tool is not safe or recommended for
raising the Functional Level:
https://wiki.samba.org/index.php/Windows_2012_Server_compatibility#Functional_level
Yet it appears the Windows RSAT tool is also not supported:
https://wiki.samba.org/index.php/Raising_the_Functional_Levels#Using_the_Windows_Active_Directory_Domains_and_Trusts_Utility
Thanks for the help on all of these questions!
Andrew
More information about the samba
mailing list