Hi,

I'm attempting to join a Windows Server 2022 to an existing domain. I'm running into issues as I am trying to migrate away from Samba DCs (:sad:)

I've been able to successfully join a Windows Server 2022 to a fresh domain without much trouble after following tranquil.it<https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html>'s guide as well as adding dsdb:schema update allowed=true to my /etc/samba/smb.conf on the domain controllers.

Unfortunately, when attempting to join a Windows Server 2022 to the existing domain, I'm running into an issue with it applying sch75.ldf schema changes. The specific error is "Insufficient Rights Ldap error code 50" and it goes on to say that the join user being in both the Enterprise & Schema admin groups should resolve this, but the user is indeed in both groups.

In both my brand new domain and existing domains the following can be assumed:

Samba version 4.17
Domain Functional Level 2008 R2

Just looking for input/guidance on where to debug on this existing domain where it thinks it has insufficient permissions. I know both the samba wiki & tranquil.it only state this is possible with 2012 Windows DCs, but I was able to get it working on a fresh instance and replication etc. all seems to be working fine. I'm looking to avoid needing to spin up an older version of Windows Server to replicate from.

TYIA,
Dawson

On 10/05/2023 16:04, Dawson Greeley via samba wrote:
> Hi,
>
> I'm attempting to join a Windows Server 2022 to an existing domain. I'm running into issues as I am trying to migrate away from Samba DCs (:sad:)
>
> I've been able to successfully join a Windows Server 2022 to a fresh domain without much trouble after following tranquil.it<https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html>'s guide as well as adding dsdb:schema update allowed=true to my /etc/samba/smb.conf on the domain controllers.

I didn't think this was possible, so I followed your link and the very first thing I saw was a warning:

As of 2022-12-13, Samba-AD does not allow to join a MSAD 2016 or 2019.

Now, I know it doesn't mention 2022, but if you cannot join 2016 or 2019, then I doubt very much whether 2022 will either.

I know that there is extensive work going on at present to get to 2012 and then when that is finished, it should be fairly easy to get to 2016 and onwards, though I doubt if it will be this year.

Sorry

Rowland