On 10/05/2023 16:04, Dawson Greeley via samba wrote:> Hi, > > I'm attempting to join a Windows Server 2022 to an existing domain Im running into issues as I am trying to migrate away from Samba DCs (:sad:) > > I've been able to successfully join a Windows Server 2022 to a fresh domain without much trouble after following tranquil.it<https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html>'s guide as well as adding dsdb:schema update allowed=true? to my /etc/samba/smb.conf? on the domain controllers.I didn't think this was possible, so I followed your link and the very first thing I saw was a warning: As of 2022-12-13, Samba-AD does not allow to join a MSAD 2016 or 2019. Now, I know it doesn't mention 2022, but if you cannot join 2016 or 2019, then I doubt very much whether 2022 will either. I know that there is extensive work going on at present to get to 2012 and then when that is finished, it should be fairly easy to get to 2016 and onwards, though I doubt if it will be this year. Sorry Rowland
Dawson Greeley
2023-May-10 17:42 UTC
[Samba] [External] - Re: Joining Windows Server 2022 to Samba Domain
Hey Rowland, I was actually able to figure it out by looking back at my notes from when I first did it. After running the following commands to get the schema level to 2019 it joins as a DC no problem. I'd assume it could be forced to the 2016 schema level but was following this guide<https://dev.to/aciklab/adding-a-windows-2019-dc-to-your-samba-domain-im2> for that portion of my notes. Do you know of any possible long term ill-effects? priv=$(smbd -b | grep -i private_dir | cut -d : -f 2 | xargs) defaultNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b "" defaultNamingContext | grep defaultNamingContext | cut -d : -f 2 | xargs) schemaNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b "" schemaNamingContext | grep schema | cut -d : -f 2 | xargs) ldbedit -e "sed -i 's/objectVersion:.*/objectVersion: 88/g'" -H $priv/sam.ldb '(objectClass=dMD)' -b $schemaNamingContext ________________________________ From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org> Sent: Wednesday, May 10, 2023 10:33 AM To: samba at lists.samba.org <samba at lists.samba.org> Cc: Rowland Penny <rpenny at samba.org> Subject: [External] - Re: [Samba] Joining Windows Server 2022 to Samba Domain On 10/05/2023 16:04, Dawson Greeley via samba wrote:> Hi, > > I'm attempting to join a Windows Server 2022 to an existing domain Im running into issues as I am trying to migrate away from Samba DCs (:sad:) > > I've been able to successfully join a Windows Server 2022 to a fresh domain without much trouble after following tranquil.it<https://samba.tranquil.it/doc/en/samba_advanced_methods/samba_add_windows_active_directory.html>'s guide as well as adding dsdb:schema update allowed=true? to my /etc/samba/smb.conf? on the domain controllers.I didn't think this was possible, so I followed your link and the very first thing I saw was a warning: As of 2022-12-13, Samba-AD does not allow to join a MSAD 2016 or 2019. Now, I know it doesn't mention 2022, but if you cannot join 2016 or 2019, then I doubt very much whether 2022 will either. I know that there is extensive work going on at present to get to 2012 and then when that is finished, it should be fairly easy to get to 2016 and onwards, though I doubt if it will be this year. Sorry Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.