Raising the Functional Levels: Difference between revisions
Mmuehlfeld (talk | contribs) m (Moving "Raising the domain functional level" to the top. It has to be raised first.) |
mNo edit summary |
||
(10 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
= Introduction = |
|||
= Impact of upgrading the functional levels = |
|||
The Active Directory (AD) functional levels determine the domain or forest capabilities. For details, see: |
|||
'''Warning: Before you raise the functional levels in your AD, you should make sure, that you understand what functional levels are and what consequences it will have for your domain and forest, if you upgrade them!''' |
|||
Some usefull links to documentation about AD functional levels: |
|||
* [http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels%28WS.10%29.aspx Understanding Active Directory Domain Services (AD DS) Functional Levels] |
* [http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels%28WS.10%29.aspx Understanding Active Directory Domain Services (AD DS) Functional Levels] |
||
Line 10: | Line 8: | ||
{{Imbox |
|||
| type = important |
|||
| text = If you raise any of the functional levels, you will need to restart the Samba AD DC(s). |
|||
}} |
|||
⚫ | |||
== Through Windows Administration Tools == |
|||
= Supported Functional Levels = |
|||
'''Hint: This way does not work at the moment! See [https://bugzilla.samba.org/show_bug.cgi?id=10360 Bug #10360]''' |
|||
You can set the following functional levels in Active Directory (AD) via samba-tool. |
|||
The following steps can be executed on any Windows machine (including workstations), on which the RSAT (Remote Server Administration Tools) are installed. |
|||
{| class="wikitable" |
|||
⚫ | |||
!Functional Level |
|||
!Included in Samba Version |
|||
|- |
|||
|2012_R2 |
|||
|4.4 and later* |
|||
|- |
|||
|2012 |
|||
|4.4 and later* |
|||
|- |
|||
|2008_R2 |
|||
|4.0 and later |
|||
|- |
|||
|2008 |
|||
|4.0 and later |
|||
|- |
|||
|2003 |
|||
|4.0 and later |
|||
|} |
|||
<nowiki>*</nowiki> Functional level is included for use against Windows, but '''not supported in Samba'''. Kerberos improvements from Windows Server 2012 and 2012 R2 are not implemented in Samba. |
|||
⚫ | |||
⚫ | |||
⚫ | |||
To raise the domain functional level on a Samba Active Directory (AD) domain controller (DC), use <code>samba-tool</code>. For example, to set the domain functional level to <code>2008_R2</code>: |
|||
⚫ | |||
For a list of supported domain functional levels, see [[#Supported_Functional_Levels|Supported Functional Levels]]. |
|||
== Using the Windows Active Directory Domains and Trusts Utility == |
|||
{{Imbox |
|||
| type = important |
|||
| text = Raising the domain functional level using the <code>Active Directory Domains and Trusts</code> utility is currently not supported.<br />For details, see https://bugzilla.samba.org/show_bug.cgi?id=10360 |
|||
}} |
|||
Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed: |
|||
* Log in as domain administrator. |
|||
⚫ | |||
⚫ | |||
:[[Image:Raise_Domain_Functional_Level.png]] |
:[[Image:Raise_Domain_Functional_Level.png]] |
||
* |
* Select the functional level. |
||
* Click <code>OK</code>. |
|||
⚫ | |||
You can raise the domain functional level on any of your Samba AD Domain Controllers by using the following command: |
|||
⚫ | |||
⚫ | |||
⚫ | |||
{{Imbox |
|||
| type = note |
|||
⚫ | |||
}} |
|||
To raise the forest functional level on a Samba Active Directory (AD) domain controller (DC), use <code>samba-tool</code>. For example, to set the forest functional level to <code>2012_R2</code>: |
|||
⚫ | |||
⚫ | |||
For a list of supported forest functional levels, see [[#Supported_Functional_Levels|Supported Functional Levels]]. |
|||
⚫ | |||
== |
== Using the Windows Active Directory Domains and Trusts Utility == |
||
{{Imbox |
|||
'''Hint: This way does not work at the moment! See [https://bugzilla.samba.org/show_bug.cgi?id=10360 Bug #10360]''' |
|||
| type = important |
|||
| text = Raising the domain functional level using the <code>Active Directory Domains and Trusts</code> utility is currently not supported.<br />For details, see https://bugzilla.samba.org/show_bug.cgi?id=10360 |
|||
}} |
|||
Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed: |
|||
* Log in as domain administrator. |
|||
⚫ | |||
* |
* Open the <code>Active Directory Domains and Trusts</code> utility. |
||
* Right-click <code>Active Directory Domains and Trusts</code> on the left side and select <code>Raise Forest Functional Level</code>. |
|||
:[[Image:Raise_Forest_Functional_Level.png]] |
:[[Image:Raise_Forest_Functional_Level.png]] |
||
* |
* Select the functional level. |
||
* Click <code>OK</code>. |
|||
⚫ | |||
You can raise the forest functional level on any of your Samba AD Domain Controllers by using the following command: |
|||
---- |
|||
⚫ | |||
[[Category:Active Directory]] |
Latest revision as of 16:47, 12 April 2021
Introduction
The Active Directory (AD) functional levels determine the domain or forest capabilities. For details, see:
If you raise any of the functional levels, you will need to restart the Samba AD DC(s). |
Supported Functional Levels
You can set the following functional levels in Active Directory (AD) via samba-tool.
Functional Level | Included in Samba Version |
---|---|
2012_R2 | 4.4 and later* |
2012 | 4.4 and later* |
2008_R2 | 4.0 and later |
2008 | 4.0 and later |
2003 | 4.0 and later |
* Functional level is included for use against Windows, but not supported in Samba. Kerberos improvements from Windows Server 2012 and 2012 R2 are not implemented in Samba.
Raising the Domain Functional Level
Using samba-tool
To raise the domain functional level on a Samba Active Directory (AD) domain controller (DC), use samba-tool
. For example, to set the domain functional level to 2008_R2
:
# samba-tool domain level raise --domain-level=2008_R2
For a list of supported domain functional levels, see Supported Functional Levels.
Using the Windows Active Directory Domains and Trusts Utility
Raising the domain functional level using the Active Directory Domains and Trusts utility is currently not supported.For details, see https://bugzilla.samba.org/show_bug.cgi?id=10360 |
Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed:
- Log in as domain administrator.
- Open the
Active Directory Domains and Trusts
utility.
- Right-click the domain on the left side and select
Raise Domain Functional Level
.
- Select the functional level.
- Click
OK
.
Raising the Forest Functional Level
Using samba-tool
You can not set the forest functional level higher than the domain functional level. |
To raise the forest functional level on a Samba Active Directory (AD) domain controller (DC), use samba-tool
. For example, to set the forest functional level to 2012_R2
:
# samba-tool domain level raise --forest-level=2012_R2
For a list of supported forest functional levels, see Supported Functional Levels.
Using the Windows Active Directory Domains and Trusts Utility
Raising the domain functional level using the Active Directory Domains and Trusts utility is currently not supported.For details, see https://bugzilla.samba.org/show_bug.cgi?id=10360 |
Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed:
- Log in as domain administrator.
- Open the
Active Directory Domains and Trusts
utility.
- Right-click
Active Directory Domains and Trusts
on the left side and selectRaise Forest Functional Level
.
- Select the functional level.
- Click
OK
.