samba - Jun 2017 - Lowest functional level 2000 (4.6.4)

I have a samba dc which i recently upgraded  to 4.6.4.  I was looking at
updating the functional level as it currently returns:

Forest function level: (Windows) 2000
Domain function level: (Windows) 2000
Lowest function level of a DC: (Windows) 2000

There is only a single DC (this host).

According to the documentation 2000 isn’t even supported anymore:
https://wiki.samba.org/index.php/Raising_the_Functional_Levels
 <https://wiki.samba.org/index.php/Raising_the_Functional_Levels>

 <https://wiki.samba.org/index.php/Raising_the_Functional_Levels>
Any attempt to raise the level with samba-tool returns: 

Domain function level can't be higher than the lowest function level of a
DC!

The fsmo roles are as follows:

SchemaMasterRole owner: CN=NTDS
Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
DomainDnsZonesMasterRole: * The 'domaindns' role is not present in this
domain
ForestDnsZonesMasterRole: * The 'forestdns' role is not present in this
domain

Do i need to downgrade samba in order to ‘upgrade’ past 2000?  Was
support/raising from 2000 removed at some point?

On Mon, 5 Jun 2017 13:29:10 +0100
Danny Tipple via samba <samba at lists.samba.org> wrote:
> I have a samba dc which i recently upgraded  to 4.6.4.  I was looking
> at updating the functional level as it currently returns:
> 
> Forest function level: (Windows) 2000
> Domain function level: (Windows) 2000
> Lowest function level of a DC: (Windows) 2000
> 
> There is only a single DC (this host).
> 
> According to the documentation 2000 isn’t even supported anymore:
> https://wiki.samba.org/index.php/Raising_the_Functional_Levels
> <https://wiki.samba.org/index.php/Raising_the_Functional_Levels>
> 
>  <https://wiki.samba.org/index.php/Raising_the_Functional_Levels>
> Any attempt to raise the level with samba-tool returns: 
> 
> Domain function level can't be higher than the lowest function level
> of a DC!
> 
> The fsmo roles are as follows:
> 
> SchemaMasterRole owner: CN=NTDS
>
Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
> InfrastructureMasterRole owner: CN=NTDS
>
Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
> RidAllocationMasterRole owner: CN=NTDS
>
Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
> PdcEmulationMasterRole owner: CN=NTDS
>
Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
> DomainNamingMasterRole owner: CN=NTDS
>
Settings,CN=MY-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyCompany,DC=local
> DomainDnsZonesMasterRole: * The 'domaindns' role is not present in
> this domain ForestDnsZonesMasterRole: * The 'forestdns' role is not
> present in this domain
> 
> Do i need to downgrade samba in order to ‘upgrade’ past 2000?  Was
> support/raising from 2000 removed at some point?
How did you manage to get a Samba AD DC with level 2000 ? The only way I
can think of is, you joined Samba to an existing windows DC.

There is a thread about this, here:

https://lists.samba.org/archive/samba-technical/2014-March/098335.html

Sorry, but it doesn't look like a cure was found.

You probably have the wrong schema and no DNS in AD.

Rowland

Unfortunately its an old setup that I’ve inherited from someone else.

From what i understand there was originally a windows sbs server and this samba
dc has replaced that. It was done when samba 4 was in early beta.

Thanks for the link i found that thread but as you say it doesn’t help.

Failing any kind of fix is there a way to import users/computers into a fresh
database?