Question for time based group membership in FL 2016
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Thu Feb 1 20:38:51 UTC 2024
On 2/02/24 07:22, Stefan Kania via samba-technical wrote:
> Hi to all,
>
> I already posted the question in the samba-mailinlist but I think it's
> more a question for developers :-)
>
> I have a question about FL 2016 and if samba supports it. If yes, how
> can I use it without powershell.
>
> In FL 2016 there is the possibility to put a user into a group and the
> membership is time based. So I could put the user Foo into the group
> 'domain admins' for 30 minutes and after 30 minutes the system will
> remove user foo from the group.
That sounds good. We don't do that, and we don't call it part of
"functional level 2016".
The things that count as "functional level" are listed here:
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
They are protocol level things -- supporting FL2016 means you can
properly be a DC in an FL2016 domain.
Temporary memberships is a useful trick that Windows Server 2016 can do,
for which FL2016 is necessary, but not sufficient.
That's my understanding, at least.
Douglas
More information about the samba-technical
mailing list