Christophe Borivant
2018-Feb-13 09:38 UTC
[Samba] Is it possible to lower the domain and forest functional level
Hello all, We have a samba 4 domain controller. The domain controller was at first a secondary domain controller. We joined it to a domain were the first controller was a windows 2003 server. Then we have transfer the fsmo roles to the linux controller and demote the 2003 server. I then ran all the ldf files from the 2008 R2 dcpromo and raised the functional levels. Now we need to go back to windows domain controller because we need to use sharepoint. Joining a Windows 2008 R2 controller does not work ( it keeps asking for dcpromo ). So I would like to try to join a Windows 2003 but I can't because of the functionnal levels. So is there a way to lower the domain and forest functional level ? --------------------------------------------- Christophe Borivant Responsable d'exploitation informatique +33 5 62 20 71 71 (Poste 503) Devinlec - Groupe Leclerc --------------------------------------------
Andrew Bartlett
2018-Feb-13 22:20 UTC
[Samba] Is it possible to lower the domain and forest functional level
On Tue, 2018-02-13 at 10:38 +0100, Christophe Borivant via samba wrote:> Hello all, > > We have a samba 4 domain controller. > The domain controller was at first a secondary domain controller. > We joined it to a domain were the first controller was a windows 2003 server. > Then we have transfer the fsmo roles to the linux controller and demote the 2003 server. > I then ran all the ldf files from the 2008 R2 dcpromo and raised the functional levels. > Now we need to go back to windows domain controller because we need to use sharepoint.Out of curiosity, what breaks with sharepoint? Have you tried with the current release? Thanks, Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
Christophe Borivant
2018-Feb-14 10:14 UTC
[Samba] Is it possible to lower the domain and forest functional level
I don't know exactly, but there were problems with indexes ( as the user said ). We did not try with the current release and our manager wants to go back to Microsoft :-( Our samba version is 4.7.5. I've been able to go one step further. We first were not able to join a Windows 2008 R2 as a domain controller because it was asking for adprep. I found the missing datas in the ldap and added them. But know dcpromo fails replicating the configuration partition. The most relevant error I can find in the dcpromo.log is : Valeur de l’erreur principale : 8451 L’opération de réplication a rencontré une erreur dans la base de données. Valeur de l’erreur secondaire : -1507 JET_errColumnNotFound, No such column 02/13/2018 18:27:35 [INFO] EVENTLOG (Warning): NTDS General / Traitement interne : 1173 Internal event: Active Directory Domain Services has encountered the following exception and associated parameters. Exception: e0010002 Parameter: 0 Additional Data Error value: 8451 Internal ID: 106027e 02/13/2018 18:27:35 [INFO] Error - Les services de domaine Active Directory n’ont pas pu répliquer la partition d’annuaire CN=Configuration,DC=removed,DC=com du contrôleur de domaine Active Directory distant frtlse-srv018.removed.com. (8451) 02/13/2018 18:27:35 [INFO] EVENTLOG (Error): NTDS General / Traitement interne : 1168 Internal error: An Active Directory Domain Services error has occurred. Additional Data Error value (decimal): -1073741823 Error value (hex): c0000001 Internal ID: 300162a 02/13/2018 18:27:36 [INFO] EVENTLOG (Informational): NTDS General / Contrôle du service : 1004 Les services de domaine Active Directory ont été arrêtés correctement. 02/13/2018 18:27:37 [INFO] NtdsInstall for removed.com returned 8451 02/13/2018 18:27:37 [INFO] DsRolepInstallDs returned 8451 02/13/2018 18:27:37 [ERROR] Failed to install to Directory Service (8451) 02/13/2018 18:27:43 [INFO] Démarrage du service NETLOGON 02/13/2018 18:27:43 [INFO] Configuring service NETLOGON to 2 returned 0 02/13/2018 18:27:43 [INFO] La tentative de promotion du contrôleur de domaine est terminée 02/13/2018 18:27:43 [INFO] DsRolepSetOperationDone returned 0 --------------------------------------------- Christophe Borivant Responsable d'exploitation informatique +33 5 62 20 71 71 (Poste 503) Devinlec - Groupe Leclerc -------------------------------------------- ----- Mail original ----- De: "Andrew Bartlett" <abartlet at samba.org> À: "Christophe BORIVANT" <cborivant at devinlec.com>, "samba" <samba at lists.samba.org> Envoyé: Mardi 13 Février 2018 23:20:15 Objet: Re: [Samba] Is it possible to lower the domain and forest functional level On Tue, 2018-02-13 at 10:38 +0100, Christophe Borivant via samba wrote:> Hello all, > > We have a samba 4 domain controller. > The domain controller was at first a secondary domain controller. > We joined it to a domain were the first controller was a windows 2003 server. > Then we have transfer the fsmo roles to the linux controller and demote the 2003 server. > I then ran all the ldf files from the 2008 R2 dcpromo and raised the functional levels. > Now we need to go back to windows domain controller because we need to use sharepoint.Out of curiosity, what breaks with sharepoint? Have you tried with the current release? Thanks, Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
Maybe Matching Threads
- Is it possible to lower the domain and forest functional level
- Is it possible to lower the domain and forest functional level
- Is it possible to lower the domain and forest functional level
- Is it possible to lower the domain and forest functional level
- Is it possible to lower the domain and forest functional level