[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in

Virgo Pärna virgo.parna at mail.ee
Sat Jan 25 18:44:24 UTC 2025


	Domain itself is really old (and dc has been same install for long 
time). Originally was installed as NT domain, that was upgraded to AD, 
when Windows dropped NT domain support.

	I now discovered, that there are lot of schema upgrades not done... I 
was able to upgrade schema to 2012 version. But after that
samba-tool domain schemaupgrade --schema=2016 -v
fails with

Applying Sch78.ldf updates...
Exception: (21, "objectclass_attrs: attribute 'systemFlags' on entry 
'CN=Privileged Access Management Feature,CN=Optional 
Features,CN=Directory Service,CN=Windows 
NT,CN=Services,CN=Configuration,DC=*****' contains at least one invalid 
value!")
Encountered while trying to apply the following LDIF
----------------------------------------------------
dn: CN=Privileged Access Management Feature,CN=Optional 
Features,CN=Directory Service,CN=Windows 
NT,CN=Services,CN=Configuration,DC=*****
changetype: modify
replace: systemFlags
systemFlags: 2348810240
-

Exception: (21, "objectclass_attrs: attribute 'systemFlags' on entry 
'CN=Privileged Access Management Feature,CN=Optional 
Features,CN=Directory Service,CN=Windows 
NT,CN=Services,CN=Configuration,DC=*****' contains at least one invalid 
value!")
Error encountered, aborting schema upgrade
ERROR: Failed to upgrade schema


-- 
Virgo Pärna
virgo.parna at mail.ee



More information about the samba mailing list