[Samba] R: Error in 'samba-tool domain level show's
Rowland Penny
rpenny at samba.org
Mon Jun 23 10:23:14 UTC 2025
On Mon, 23 Jun 2025 09:48:08 +0000
Manzini Enrico <emanzini at zensistemi.com> wrote:
> Hi rowland
> Try to set "ad dc functional level = 2016" in /etc/samba/smb.conf of
> the rwdc, because it seem the dc functional level is lower that one
> specified in the domain functional level
>
Thanks for that, it made me stop and think, not because I didn't have
that line in my DCs, I did.
I traced the error to a an RODC that I have running, an ldbsearch
produced this:
sudo ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -P -b
'DC=samdom,DC=example,DC=com' -s sub '(msDS-Behavior-Version=*)'
msDS-Behavior-Version
..................
# record 2
dn: CN=NTDS Settings,CN=RODC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
msDS-Behavior-Version: 4
Changing that '4' to a '7' with ldbmodify fixed the problem, running
'sudo samba-tool domain level show' now produces this:
Domain and forest function level for domain 'DC=samdom,DC=example,DC=com'
Forest function level: (Windows) 2016
Domain function level: (Windows) 2016
Lowest function level of a DC: (Windows) 2016
Rowland
More information about the samba
mailing list