I have a samba dc which i recently upgraded to 4.6.4. I was looking at updating the functional level as it currently returns: Forest function level: (Windows) 2000 Domain function level: (Windows) 2000 Lowest function level of a DC: (Windows) 2000 There is only a single DC (this host). According to the documentation 2000 isn’t even supported anymore: https://wiki.samba.org/index.php/Raising_the_Functional_Levels <https://wiki.samba.org/index.php/Raising_the_Functional_Levels> <https://wiki.samba.org/index.php/Raising_the_Functional_Levels> Any attempt to raise the level with samba-tool returns: Domain function level can't be higher than the lowest function level of a DC! The fsmo roles are as follows: SchemaMasterRole owner: CN=NTDS Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local InfrastructureMasterRole owner: CN=NTDS Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local RidAllocationMasterRole owner: CN=NTDS Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local PdcEmulationMasterRole owner: CN=NTDS Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local DomainNamingMasterRole owner: CN=NTDS Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local DomainDnsZonesMasterRole: * The 'domaindns' role is not present in this domain ForestDnsZonesMasterRole: * The 'forestdns' role is not present in this domain Do i need to downgrade samba in order to ‘upgrade’ past 2000? Was support/raising from 2000 removed at some point?
On Mon, 5 Jun 2017 13:29:10 +0100 Danny Tipple via samba <samba at lists.samba.org> wrote:> I have a samba dc which i recently upgraded to 4.6.4. I was looking > at updating the functional level as it currently returns: > > Forest function level: (Windows) 2000 > Domain function level: (Windows) 2000 > Lowest function level of a DC: (Windows) 2000 > > There is only a single DC (this host). > > According to the documentation 2000 isn’t even supported anymore: > https://wiki.samba.org/index.php/Raising_the_Functional_Levels > <https://wiki.samba.org/index.php/Raising_the_Functional_Levels> > > <https://wiki.samba.org/index.php/Raising_the_Functional_Levels> > Any attempt to raise the level with samba-tool returns: > > Domain function level can't be higher than the lowest function level > of a DC! > > The fsmo roles are as follows: > > SchemaMasterRole owner: CN=NTDS > Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local > InfrastructureMasterRole owner: CN=NTDS > Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local > PdcEmulationMasterRole owner: CN=NTDS > Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local > DomainNamingMasterRole owner: CN=NTDS > Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local > DomainDnsZonesMasterRole: * The 'domaindns' role is not present in > this domain ForestDnsZonesMasterRole: * The 'forestdns' role is not > present in this domain > > Do i need to downgrade samba in order to ‘upgrade’ past 2000? Was > support/raising from 2000 removed at some point?How did you manage to get a Samba AD DC with level 2000 ? The only way I can think of is, you joined Samba to an existing windows DC. There is a thread about this, here: https://lists.samba.org/archive/samba-technical/2014-March/098335.html Sorry, but it doesn't look like a cure was found. You probably have the wrong schema and no DNS in AD. Rowland
Unfortunately its an old setup that I’ve inherited from someone else. From what i understand there was originally a windows sbs server and this samba dc has replaced that. It was done when samba 4 was in early beta. Thanks for the link i found that thread but as you say it doesn’t help. Failing any kind of fix is there a way to import users/computers into a fresh database?
Possibly Parallel Threads
- Lowest functional level 2000 (4.6.4)
- Domain join failure - error during DRS repl ADD: No objectClass found in replPropertyMetaData
- Doubt about Global Catalog on Samba 4
- Magically disappearing errors during FSMO transfer
- Doubt about Global Catalog on Samba 4