Question for time based group membership in FL 2016
Stefan Metzmacher
metze at samba.org
Fri Feb 2 09:15:03 UTC 2024
Am 01.02.24 um 21:38 schrieb Douglas Bagnall via samba-technical:
> On 2/02/24 07:22, Stefan Kania via samba-technical wrote:
>> Hi to all,
>>
>> I already posted the question in the samba-mailinlist but I think it's more a question for developers :-)
>>
>> I have a question about FL 2016 and if samba supports it. If yes, how can I use it without powershell.
>>
>> In FL 2016 there is the possibility to put a user into a group and the membership is time based. So I could put the user Foo into the group 'domain admins' for 30 minutes
>> and after 30 minutes the system will remove user foo from the group.
>
> That sounds good. We don't do that, and we don't call it part of "functional level 2016".
>
> The things that count as "functional level" are listed here:
>
> https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
>
> They are protocol level things -- supporting FL2016 means you can properly be a DC in an FL2016 domain.
>
> Temporary memberships is a useful trick that Windows Server 2016 can do, for which FL2016 is necessary, but not sufficient.
I haven't read the whole thread yet, but note that I have wip patches for timed linked attributes in
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master-drsuapi
metze
More information about the samba-technical
mailing list