Raising the Functional Levels: Difference between revisions

From SambaWiki
(Initial version of the 'Raising the function levels' HowTo)
 
mNo edit summary
 
(12 intermediate revisions by 4 users not shown)
Line 1: Line 1:
= Introduction =
= Impact of upgrading the functional levels =


The Active Directory (AD) functional levels determine the domain or forest capabilities. For details, see:
'''Warning: Before you raise the functional levels in your AD, you should make sure, that you understand what functional levels are and what consequences it will have for your domain and forest, if you upgrade them!'''

Some usefull links to documentation about AD functional levels:


* [http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels%28WS.10%29.aspx Understanding Active Directory Domain Services (AD DS) Functional Levels]
* [http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels%28WS.10%29.aspx Understanding Active Directory Domain Services (AD DS) Functional Levels]
Line 10: Line 8:




{{Imbox
| type = important
| text = If you raise any of the functional levels, you will need to restart the Samba AD DC(s).
}}






= Raising the forest functional level =


'''The forest functional level can't be higher than the domain functional level!'''


= Supported Functional Levels =


You can set the following functional levels in Active Directory (AD) via samba-tool.


{| class="wikitable"
== Through Windows Administration Tools ==
!Functional Level
!Included in Samba Version
|-
|2012_R2
|4.4 and later*
|-
|2012
|4.4 and later*
|-
|2008_R2
|4.0 and later
|-
|2008
|4.0 and later
|-
|2003
|4.0 and later
|}


<nowiki>*</nowiki> Functional level is included for use against Windows, but '''not supported in Samba'''. Kerberos improvements from Windows Server 2012 and 2012 R2 are not implemented in Samba.
'''Hint: This way does not work at the moment! See [https://bugzilla.samba.org/show_bug.cgi?id=10360 Bug #10360]'''


= Raising the Domain Functional Level =
The following steps can be executed on any Windows machine (including workstations), on which the RSAT (Remote Server Administration Tools) are installed.


== Using samba-tool ==
* Open Active Directory Domains and Trusts


To raise the domain functional level on a Samba Active Directory (AD) domain controller (DC), use <code>samba-tool</code>. For example, to set the domain functional level to <code>2008_R2</code>:
* Right-click to „Active Directory Domains and Trusts“ in the left pane and choose „Raise Forest Functional Level...“.


# samba-tool domain level raise --domain-level=2008_R2
:[[Image:Raise_Forest_Functional_Level.png]]


For a list of supported domain functional levels, see [[#Supported_Functional_Levels|Supported Functional Levels]].
* In the upcomming Window, choose the functional level, you want to upgrade to.






== Using the Windows Active Directory Domains and Trusts Utility ==
== Through samba-tool ==


{{Imbox
You can raise the forest functional level on any of your Samba AD Domain Controllers by using the following command:
| type = important
| text = Raising the domain functional level using the <code>Active Directory Domains and Trusts</code> utility is currently not supported.<br />For details, see https://bugzilla.samba.org/show_bug.cgi?id=10360
}}


Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed:
# samba-tool domain level --forest-level=...


* Log in as domain administrator.


* Open the <code>Active Directory Domains and Trusts</code> utility.


* Right-click the domain on the left side and select <code>Raise Domain Functional Level</code>.


:[[Image:Raise_Domain_Functional_Level.png]]


= Raising the domain functional level =
* Select the functional level.


* Click <code>OK</code>.
== Through Windows Administration Tools ==


'''Hint: This way does not work at the moment! See [https://bugzilla.samba.org/show_bug.cgi?id=10360 Bug #10360]'''


The following steps can be executed on any Windows machine (including workstations), on which the RSAT (Remote Server Administration Tools) are installed.


* Open Active Directory Domains and Trusts


* Right-click your Domain in the left pane and choose „Raise Domain Functional Level...“.


= Raising the Forest Functional Level =
:[[Image:Raise_Domain_Functional_Level.png]]

== Using samba-tool ==

{{Imbox
| type = note
| text = You can not set the forest functional level higher than the domain functional level.
}}


To raise the forest functional level on a Samba Active Directory (AD) domain controller (DC), use <code>samba-tool</code>. For example, to set the forest functional level to <code>2012_R2</code>:

# samba-tool domain level raise --forest-level=2012_R2

For a list of supported forest functional levels, see [[#Supported_Functional_Levels|Supported Functional Levels]].



== Using the Windows Active Directory Domains and Trusts Utility ==

{{Imbox
| type = important
| text = Raising the domain functional level using the <code>Active Directory Domains and Trusts</code> utility is currently not supported.<br />For details, see https://bugzilla.samba.org/show_bug.cgi?id=10360
}}

Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed:

* Log in as domain administrator.

* Open the <code>Active Directory Domains and Trusts</code> utility.

* Right-click <code>Active Directory Domains and Trusts</code> on the left side and select <code>Raise Forest Functional Level</code>.

:[[Image:Raise_Forest_Functional_Level.png]]


* In the upcomming Window, choose the functional level, you want to upgrade to.
* Select the functional level.


* Click <code>OK</code>.






== Through samba-tool ==


You can raise the domain functional level on any of your Samba AD Domain Controllers by using the following command:


----
# samba-tool domain level --forest-level=...
[[Category:Active Directory]]

Latest revision as of 16:47, 12 April 2021

Introduction

The Active Directory (AD) functional levels determine the domain or forest capabilities. For details, see:




Supported Functional Levels

You can set the following functional levels in Active Directory (AD) via samba-tool.

Functional Level Included in Samba Version
2012_R2 4.4 and later*
2012 4.4 and later*
2008_R2 4.0 and later
2008 4.0 and later
2003 4.0 and later

* Functional level is included for use against Windows, but not supported in Samba. Kerberos improvements from Windows Server 2012 and 2012 R2 are not implemented in Samba.

Raising the Domain Functional Level

Using samba-tool

To raise the domain functional level on a Samba Active Directory (AD) domain controller (DC), use samba-tool. For example, to set the domain functional level to 2008_R2:

# samba-tool domain level raise --domain-level=2008_R2

For a list of supported domain functional levels, see Supported Functional Levels.


Using the Windows Active Directory Domains and Trusts Utility

Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed:

  • Log in as domain administrator.
  • Open the Active Directory Domains and Trusts utility.
  • Right-click the domain on the left side and select Raise Domain Functional Level.
Raise Domain Functional Level.png
  • Select the functional level.
  • Click OK.



Raising the Forest Functional Level

Using samba-tool


To raise the forest functional level on a Samba Active Directory (AD) domain controller (DC), use samba-tool. For example, to set the forest functional level to 2012_R2:

# samba-tool domain level raise --forest-level=2012_R2

For a list of supported forest functional levels, see Supported Functional Levels.


Using the Windows Active Directory Domains and Trusts Utility

Run the following steps on a Windows machine having the remote server administration tools (RSAT) installed:

  • Log in as domain administrator.
  • Open the Active Directory Domains and Trusts utility.
  • Right-click Active Directory Domains and Trusts on the left side and select Raise Forest Functional Level.
Raise Forest Functional Level.png
  • Select the functional level.
  • Click OK.