Raising the Functional Levels: Difference between revisions

From SambaWiki
m (Moving "Raising the domain functional level" to the top. It has to be raised first.)
mNo edit summary
 
(10 intermediate revisions by 4 users not shown)
Line 1: Line 1:
= Introduction =
= Impact of upgrading the functional levels =


The Active Directory (AD) functional levels determine the domain or forest capabilities. For details, see:
'''Warning: Before you raise the functional levels in your AD, you should make sure, that you understand what functional levels are and what consequences it will have for your domain and forest, if you upgrade them!'''

Some usefull links to documentation about AD functional levels:


* [http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels%28WS.10%29.aspx Understanding Active Directory Domain Services (AD DS) Functional Levels]
* [http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels%28WS.10%29.aspx Understanding Active Directory Domain Services (AD DS) Functional Levels]
Line 10: Line 8:




{{Imbox
| type = important
| text = If you raise any of the functional levels, you will need to restart the Samba AD DC(s).
}}






= Raising the domain functional level =


== Through Windows Administration Tools ==


= Supported Functional Levels =
'''Hint: This way does not work at the moment! See [https://bugzilla.samba.org/show_bug.cgi?id=10360 Bug #10360]'''


You can set the following functional levels in Active Directory (AD) via samba-tool.
The following steps can be executed on any Windows machine (including workstations), on which the RSAT (Remote Server Administration Tools) are installed.


{| class="wikitable"
* Open Active Directory Domains and Trusts
!Functional Level
!Included in Samba Version
|-
|2012_R2
|4.4 and later*
|-
|2012
|4.4 and later*
|-
|2008_R2
|4.0 and later
|-
|2008
|4.0 and later
|-
|2003
|4.0 and later
|}


<nowiki>*</nowiki> Functional level is included for use against Windows, but '''not supported in Samba'''. Kerberos improvements from Windows Server 2012 and 2012 R2 are not implemented in Samba.
* Right-click your Domain in the left pane and choose „Raise Domain Functional Level...“.

= Raising the Domain Functional Level =

== Using samba-tool ==

To raise the domain functional level on a Samba Active Directory (AD) domain controller (DC), use <code>samba-tool</code>. For example, to set the domain functional level to <code>2008_R2</code>:

# samba-tool domain level raise --domain-level=2008_R2

For a list of supported domain functional levels, see [[#Supported_Functional_Levels|Supported Functional Levels]].



== Using the Windows Active Directory Domains and Trusts Utility ==

{{Imbox
| type = important
| text = Raising the domain functional level using the <code>Active Directory Domains and Trusts</code> utility is currently not supported.<br />For details, see https://bugzilla.samba.org/show_bug.cgi?id=10360
}}

Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed:

* Log in as domain administrator.

* Open the <code>Active Directory Domains and Trusts</code> utility.

* Right-click the domain on the left side and select <code>Raise Domain Functional Level</code>.


:[[Image:Raise_Domain_Functional_Level.png]]
:[[Image:Raise_Domain_Functional_Level.png]]


* In the upcomming Window, choose the functional level, you want to upgrade to.
* Select the functional level.


* Click <code>OK</code>.






== Through samba-tool ==


You can raise the domain functional level on any of your Samba AD Domain Controllers by using the following command:


= Raising the Forest Functional Level =
# samba-tool domain level --domain-level=...


== Using samba-tool ==


{{Imbox
| type = note
| text = You can not set the forest functional level higher than the domain functional level.
}}




To raise the forest functional level on a Samba Active Directory (AD) domain controller (DC), use <code>samba-tool</code>. For example, to set the forest functional level to <code>2012_R2</code>:


# samba-tool domain level raise --forest-level=2012_R2
= Raising the forest functional level =


For a list of supported forest functional levels, see [[#Supported_Functional_Levels|Supported Functional Levels]].
'''The forest functional level can't be higher than the domain functional level!'''






== Through Windows Administration Tools ==
== Using the Windows Active Directory Domains and Trusts Utility ==


{{Imbox
'''Hint: This way does not work at the moment! See [https://bugzilla.samba.org/show_bug.cgi?id=10360 Bug #10360]'''
| type = important
| text = Raising the domain functional level using the <code>Active Directory Domains and Trusts</code> utility is currently not supported.<br />For details, see https://bugzilla.samba.org/show_bug.cgi?id=10360
}}


The following steps can be executed on any Windows machine (including workstations), on which the RSAT (Remote Server Administration Tools) are installed.
Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed:


* Log in as domain administrator.
* Open Active Directory Domains and Trusts


* Right-click to „Active Directory Domains and Trusts“ in the left pane and choose „Raise Forest Functional Level...“.
* Open the <code>Active Directory Domains and Trusts</code> utility.

* Right-click <code>Active Directory Domains and Trusts</code> on the left side and select <code>Raise Forest Functional Level</code>.


:[[Image:Raise_Forest_Functional_Level.png]]
:[[Image:Raise_Forest_Functional_Level.png]]


* In the upcomming Window, choose the functional level, you want to upgrade to.
* Select the functional level.

* Click <code>OK</code>.






== Through samba-tool ==


You can raise the forest functional level on any of your Samba AD Domain Controllers by using the following command:


----
# samba-tool domain level --forest-level=...
[[Category:Active Directory]]

Latest revision as of 16:47, 12 April 2021

Introduction

The Active Directory (AD) functional levels determine the domain or forest capabilities. For details, see:




Supported Functional Levels

You can set the following functional levels in Active Directory (AD) via samba-tool.

Functional Level Included in Samba Version
2012_R2 4.4 and later*
2012 4.4 and later*
2008_R2 4.0 and later
2008 4.0 and later
2003 4.0 and later

* Functional level is included for use against Windows, but not supported in Samba. Kerberos improvements from Windows Server 2012 and 2012 R2 are not implemented in Samba.

Raising the Domain Functional Level

Using samba-tool

To raise the domain functional level on a Samba Active Directory (AD) domain controller (DC), use samba-tool. For example, to set the domain functional level to 2008_R2:

# samba-tool domain level raise --domain-level=2008_R2

For a list of supported domain functional levels, see Supported Functional Levels.


Using the Windows Active Directory Domains and Trusts Utility

Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed:

  • Log in as domain administrator.
  • Open the Active Directory Domains and Trusts utility.
  • Right-click the domain on the left side and select Raise Domain Functional Level.
Raise Domain Functional Level.png
  • Select the functional level.
  • Click OK.



Raising the Forest Functional Level

Using samba-tool


To raise the forest functional level on a Samba Active Directory (AD) domain controller (DC), use samba-tool. For example, to set the forest functional level to 2012_R2:

# samba-tool domain level raise --forest-level=2012_R2

For a list of supported forest functional levels, see Supported Functional Levels.


Using the Windows Active Directory Domains and Trusts Utility

Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed:

  • Log in as domain administrator.
  • Open the Active Directory Domains and Trusts utility.
  • Right-click Active Directory Domains and Trusts on the left side and select Raise Forest Functional Level.
Raise Forest Functional Level.png
  • Select the functional level.
  • Click OK.