[Samba] can windows server 2012 R2 join samba ad directly

Adam Xu adam_xu at adagene.com.cn
Fri Mar 25 06:04:38 UTC 2022


Some additional information:

I tried to use the "password writeback" feature of Azure AD.

When a user changed his password in Microsoft 365 (cloud), the password 
was synced to Windows AD, but never synced to samba AD.

It seems that Microsoft is now adding more and more features to Azure 
AD, and samba AD is becoming more and more difficult to be compatible 
with it🙁

On 2022/3/23 17:03, Adam Xu via samba wrote:
> In windows DC, when I ran "repadmin /showrepl", no error occurred.
>
> Some possible related samba dc errors:
>
> [2022/03/20 11:25:13.940775,  0] 
> ../../source4/dsdb/repl/replicated_objects.c:735(dsdb_replicated_objects_convert)
>   dsdb_replicated_objects_convert: Ignoring object outside partition 
> f846aa31-2ee0-4596-8ee2-44be210bfacd 
> DC=ForestDnsZones,DC=ntbaobei,DC=com: WERR_DS_ADD_REPLICA_INHIBITED
> [2022/03/20 11:25:13.941671,  0] 
> ../../source4/dsdb/repl/replicated_objects.c:735(dsdb_replicated_objects_convert)
>   dsdb_replicated_objects_convert: Ignoring object outside partition 
> 53c67ead-f463-4fe0-b1f0-54259edd1598 
> DC=DomainDnsZones,DC=ntbaobei,DC=com: WERR_DS_ADD_REPLICA_INHIBITED
>
> On 2022/3/22 16:32, Andrew Bartlett via samba wrote:
>> I would need to see the logs on the Samba side.  Do other changes
>> replicate?
>>
>> It may just be normal replication issues, check DNS in particular.
>>
>> Andrew Bartlett
>>
>> On Tue, 2022-03-22 at 16:25 +0800, Adam Xu via samba wrote:
>>> Hi Andrew,
>>>
>>> I have joined my windows AD to samba AD successfully. But,
>>>
>>> when I change one user's password in windows AD, the password was not
>>> synced to other samba AD DCs.
>>>
>>> Is this a compatibility issue?
>>>
>>> On 2022/3/19 12:57, Andrew Bartlett via samba wrote:
>>>> On Sat, 2022-03-19 at 09:24 +0800, Adam Xu via samba wrote:
>>>>> Hi samba list,
>>>>>
>>>>> according to samba wiki,
>>>>> https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012_/_2012_R2_DC_to_a_Samba_AD 
>>>>>
>>>>>
>>>>> Windows server 2012 R2 can't join to samba AD directly. I need to 
>>>>> join a
>>>>> windows server 2018 R2 to samba AD first and then join windows server
>>>>> 2012 R2 to samba AD.
>>>>>
>>>>> but I searched for a document.
>>>>> https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html 
>>>>>
>>>>>
>>>>> In that document, we can join windows server 2012 R2 to samba 
>>>>> directly.
>>>>>
>>>>> Which document is more reliable? My samba version is 4.15.6.
>>>> Why not try it?
>>>>
>>>> If it works, update the wiki.
>>>>
>>>> It's the weekend, so this is just from memory, but while we did a pile
>>>> of work on our 'adprep' reimplementation (using the public script 
>>>> files
>>>> MS published, thanks MS!), to allow this, and before that recommended
>>>> going via a MS server to run their adprep, Microsoft fixed some 
>>>> bugs we
>>>> alerted them to.
>>>>
>>>> That I understand now allows a join directly.
>>>>
>>>> Andrew Bartlett
>>>>

