samba - Jan 2020 - SCCM and other MS tools compatibility with Samba 4.x.x (Functional level 2008R2)

Hello Folks,

We're using Samba as AD servers along with Windows AD Servers (2008R2 FL).

We also use SCCM (Current Branch) that is dependent on AD for lab
deployments (Windows 10).

Currently, SCCM (current branch) supports 2008R2 FL, but for how long???
Samba does not support 2012R2, 2016, 2019 FL.

We'd like to remove the Windows Servers from our AD infrastructure, but
would also like to continue using SCCM.?

Have others who use SCCM done this?

I would like to get other admins opinion on this matter...

Thank You!

-- 
Luc Lalonde, analyste
-----------------------------
D?partement de g?nie informatique:
?cole polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
-----------------------------


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20200110/b6700f0a/signature.sig>

Hi Luc,


Le 01/10/2020 ? 04:51 PM, Luc Lalonde via samba a ?crit
:
> Hello Folks,
>
> We're using Samba as AD servers along with Windows AD Servers (2008R2
FL).
>
> We also use SCCM (Current Branch) that is dependent on AD for lab
> deployments (Windows 10).
>
> Currently, SCCM (current branch) supports 2008R2 FL, but for how long?
> Samba does not support 2012R2, 2016, 2019 FL.
>
> We'd like to remove the Windows Servers from our AD infrastructure, but
> would also like to continue using SCCM.
>
> Have others who use SCCM done this?
>
> I would like to get other admins opinion on this matter...
About the initial question, from my experience most existing domains are 
still FL2008R2 since most people didn't take care to upgrade (I have 
even seen a FL2003R2 recently). Very few people are actually using 2k12 
security advantages like silos, protected users, etc. So I guess 
compatibility with 2k8r2 might still be around for a few years waiting 
for people to upgrade since FL2008r2 is enough for most people.

Samba-AD 4.11 supports 2012R2 schema and can replicate with a 2012r2 
with FL2008r2, so it is getting better. Upgrading Samba-AD to FL2012r2 
needs some work on Silos, FAST, Claims, getting to upstream Heimdal, 
etc. There has already been work to look at what is needed to be done 
and do an evaluation of time needed.

We have been working here in France with large administration and 
ministries for financing and with Catalyst NZ for development to push 
forward Samba-AD in the last few year [1]. If you know people in Quebec 
administration that would be interested in improving their Active 
Directory ROI through financing Samba-AD development, that would be 
really great!

After if you can take SCCM out of the equation, I'd recommend you to 
take a look at the presentation of Florent Fareneau from Polytechnic 
University of Hauts-de-France at the JRES conference last month (note : 
it is in French, but I think it shouldn't be a problem for you):

https://replay.jres.org/videos/watch/9c3fa697-b45f-448b-bade-d8c624ce1e25

The JRES conference [2] is a university and research lab sysadmin 
conference much about use cases and feedback. The staff at PUHF are 
using Microsoft MDT coupled with WAPT [3] for OS and software deployment 
for quite a few years and are very happy about it.

Disclaimer : I work also on WAPT beside Samba-AD deployment :-)

Cheers,

Denis

[1] https://www.catalyst.net.nz/client-work/samba-and-french-government
[2] https://www.jres.org/en/home/
[3] https://www.wapt.fr/en/doc/
>
> Thank You!
>
>
>
-- 
Denis Cardon
Tranquil IT
12 avenue Jules Verne (Bat. A)
44230 Saint S?bastien sur Loire (FRANCE)
tel : +33 (0) 240 975 755
http://www.tranquil.it

Tranquil IT recrute! https://www.tranquil.it/nous-rejoindre/
Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr