[Samba] [External] - Re: Joining Windows Server 2022 to Samba Domain

Dawson Greeley dgreeley at xes-inc.com
Wed May 10 17:42:22 UTC 2023 

Hey Rowland,

I was actually able to figure it out by looking back at my notes from when I first did it.

After running the following commands to get the schema level to 2019 it joins as a DC no problem. I'd assume it could be forced to the 2016 schema level but was following this guide<https://dev.to/aciklab/adding-a-windows-2019-dc-to-your-samba-domain-im2> for that portion of my notes. Do you know of any possible long term ill-effects?

priv=$(smbd -b | grep -i private_dir | cut -d : -f 2 | xargs)
defaultNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b "" defaultNamingContext | grep defaultNamingContext | cut -d : -f 2 | xargs)
schemaNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b "" schemaNamingContext | grep schema | cut -d : -f 2 | xargs)
ldbedit -e "sed -i 's/objectVersion:.*/objectVersion: 88/g'" -H $priv/sam.ldb '(objectClass=dMD)' -b $schemaNamingContext
________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org>
Sent: Wednesday, May 10, 2023 10:33 AM
To: samba at lists.samba.org <samba at lists.samba.org>
Cc: Rowland Penny <rpenny at samba.org>
Subject: [External] - Re: [Samba] Joining Windows Server 2022 to Samba Domain



On 10/05/2023 16:04, Dawson Greeley via samba wrote:
> Hi,
>
> I'm attempting to join a Windows Server 2022 to an existing domain Im running into issues as I am trying to migrate away from Samba DCs (:sad:)
>
> I've been able to successfully join a Windows Server 2022 to a fresh domain without much trouble after following tranquil.it<https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html>'s guide as well as adding dsdb:schema update allowed=true​ to my /etc/samba/smb.conf​ on the domain controllers.

I didn't think this was possible, so I followed your link and the very
first thing I saw was a warning:

As of 2022-12-13, Samba-AD does not allow to join a MSAD 2016 or 2019.

Now, I know it doesn't mention 2022, but if you cannot join 2016 or
2019, then I doubt very much whether 2022 will either.

I know that there is extensive work going on at present to get to 2012
and then when that is finished, it should be fairly easy to get to 2016
and onwards, though I doubt if it will be this year.

Sorry

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

More information about the samba mailing list