Hi, for now I am using Win2003 functional level of my domain. I just wanted to ask if I raise the level to 2008_R2 will the scheme be extended like this article says? https://technet.microsoft.com/en-us/library/dd446680%28v=ws.10%29.aspx I just want to know this for the time samba will someday support DC related GPOs. Thanks in advance Tim
Marc Muehlfeld
2015-Feb-03 17:32 UTC
[Samba] Domain function levels and extending ad scheme
Hello Tim, Am 03.02.2015 um 16:25 schrieb Tim:> for now I am using Win2003 functional level of my domain. > > I just wanted to ask if I raise the level to 2008_R2 will the scheme be extended > like this article says? > https://technet.microsoft.com/en-us/library/dd446680%28v=ws.10%29.aspxSamba is shipped with schema version 47 (Server 2008 R2): # ldbsearch -H /usr/local/samba/private/sam.ldb -b CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com -s base objectVersion # record 1 dn: CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com objectVersion: 47 # returned 1 records # 1 entries # 0 referrals Even if you are at a lower forest level, the schema can already be newer. In a Windows AD, you can also do an 'adprep' on Windows and lift your schema to a newer version, but don't raise the forest level. Just one more note: Samba currently only support schema version 47. Newer AD schemas are not supported (yet) and if tried to install anyway, it will break your AD. Regards, Marc