[Samba] samba support of KB5020276 workaround

Francesco Malvezzi francesco.malvezzi at unimore.it
Wed Nov 6 10:37:23 UTC 2024


Hi everybody,

since a couple of years, user X can't join a computer to AD if the 
computer object has been created by user Y.

It is KB5020276—Netjoin: Domain join hardening changes [1].

The documentation suggests a workaround, basically a group policy 
applied to all the domain controllers.

Is it that possibile to apply group policies to a samba DC?

The group policy I'm talking about requires a 2012R2 schema, but before 
raising the schema I would like to understand if it could possibly work ;)

thank you so much,

Francesco

[1] 
https://support.microsoft.com/en-us/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8



More information about the samba mailing list