Bug 28913 - AD Takeover: Windows Server 2012 domain is not supported by Samba
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.1
Other Linux
P5 normal
Assigned To: Samba maintainers
https://bugzilla.samba.org/show_bug.c...
Blocks: 37670
Reported: 2012-10-25 10:42 CEST by Felix Botner
Modified: 2019-01-03 07:23 CET
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Description Felix Botner univentionstaff 2012-10-25 10:42:55 CEST
Noticed during an AD Takeover against a Windows Server 2012 with the domain functional level (forest functional level) set to Windows Server 2012.

When joining the UCS to the Windows domain, the following Samba error occurs:
WERR_DS_INCOMPATIBLE_VERSION
Comment 1 Stefan Gohmann univentionstaff 2012-10-25 11:00:50 CEST
Since this is about a takeover and Windows 2012 has not been in use for very long, this can wait a while.
Comment 2 Jan Christoph Ebersbach univentionstaff 2014-05-27 17:09:20 CEST
A partner requested this feature today.
Comment 3 Ingo Steuwer univentionstaff 2014-06-02 13:27:40 CEST
requested by 2014052821006341
Comment 4 Arvid Requate univentionstaff 2014-06-02 17:46:41 CEST
Looks like it's necessary to manually lower the Domain and Forest functional level on the Windows 2012 server first, via Powershell:

Set-ADForestMode -Identity "mydom.local" -ForestMode Windows2008R2Forest
Set-ADDomainMode -Identity "mydom.local" -DomainMode Windows2008R2Domain

With these settings the domain join worked in my short test and it looks like the univention-ad-takeover proceeds as usual.
Comment 5 Stefan Gohmann univentionstaff 2014-07-03 20:26:46 CEST
(In reply to Arvid Requate from comment #4)
> Looks like it's necessary to manually lower the Domain and Forest functional
> level on the Windows 2012 server first, via Powershell:
> 
> Set-ADForestMode -Identity "mydom.local" -ForestMode Windows2008R2Forest
> Set-ADDomainMode -Identity "mydom.local" -DomainMode Windows2008R2Domain
> 
> With these settings the domain join worked in my short test and it looks
> like the univention-ad-takeover proceeds as usual.

Ah, that's good. I think we should show this info in the takeover process if we recognize a W2k12 domain.
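The check proposed in comment 5, as an added example that is not part of the original thread or of univention-ad-takeover: it reads the functional levels from a rootDSE LDIF dump and returns the hint with the cmdlets from comment 4. The sample LDIF, the function names and the threshold of 4 (2008 R2) are assumptions.

```python
import base64

# rootDSE functional-level numbers: 4 = Windows Server 2008 R2, 5 = 2012.
MAX_LEVEL = 4  # assumption: the level at which the join worked in comment 4

SAMPLE_ROOTDSE = """\
# constructed sample: rootDSE of a Windows Server 2012 DC
dn:
defaultNamingContext: DC=mydom,
 DC=local
domainFunctionality: 5
forestFunctionality:: NQ==
"""

def parse_rootdse(ldif):
    """Return {lowercased attribute: value}; unfolds lines, decodes base64."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # LDIF continuation line
        elif raw:
            lines.append(raw)
    attrs = {}
    for line in lines:
        if line.startswith("#"):              # comment (already unfolded)
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attrs[name.lower()] = value.strip()
    return attrs

def takeover_hint(ldif):
    """Return None if the join can proceed, else the hint to show the admin."""
    attrs = parse_rootdse(ldif)
    try:
        forest = int(attrs["forestfunctionality"])
        domain = int(attrs["domainfunctionality"])
        base_dn = attrs["defaultnamingcontext"]
    except (KeyError, ValueError) as exc:     # refuse to guess on incomplete data
        raise ValueError("rootDSE lacks a usable functional level: %s" % exc)
    if forest <= MAX_LEVEL and domain <= MAX_LEVEL:
        return None
    realm = ".".join(rdn.split("=", 1)[1] for rdn in base_dn.split(","))
    steps = []
    if forest > MAX_LEVEL:  # forest first: a domain cannot sit below its forest
        steps.append('Set-ADForestMode -Identity "%s" -ForestMode Windows2008R2Forest' % realm)
    if domain > MAX_LEVEL:
        steps.append('Set-ADDomainMode -Identity "%s" -DomainMode Windows2008R2Domain' % realm)
    return "Functional level %d found; lower it before the join:\n%s" % (max(forest, domain), "\n".join(steps))
```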
Comment 6 Stefan Gohmann univentionstaff 2014-07-09 06:51:34 CEST
I don't see a log file. Could this issue be fixed with this one?
 https://bugzilla.samba.org/show_bug.cgi?id=10294
Comment 7 Arvid Requate univentionstaff 2014-07-16 18:42:27 CEST
Tobias had another case where the join failed. It's still unclear what the issue is, maybe there is more than one:

* In the test environment here he saw a similar traceback as discussed in this thread: https://lists.samba.org/archive/samba/2013-November/176822.html

* There might be a more general problem still related to the schema: https://lists.samba.org/archive/samba/2013-April/173050.html
Comment 8 Michael Grandjean univentionstaff 2015-02-02 14:07:16 CET
(In reply to Arvid Requate from comment #4)
> Looks like it's necessary to manually lower the Domain and Forest functional
> level on the Windows 2012 server first, via Powershell:

Just as a supplement: Microsoft changed the default for domain and forest level selection with Server 2012. Until Server 2008 R2 the default value was the oldest available (Windows Server 2003 level) and one had to change this manually in a dropdown if something newer (Server 2008, 2008 R2) was needed.
With Server 2012 (R2?) the default in the dropdown changed to the newest level version (e.g. Server 2012) and one has to change this manually if something older (Server 2008, 2008 R2) is needed.

This means that every AD that is installed with Server 2012 will most probably also have 2012 as domain and forest functional level and will need this workaround.
Comment 9 Stefan Gohmann univentionstaff 2019-01-03 07:23:28 CET
This issue has been filed against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5th of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.