Univention Bugzilla – Bug 28913
AD Takeover: Windows Server 2012 domain is not supported by Samba
Last modified: 2019-01-03 07:23:28 CET
Noticed during an AD Takeover against a Windows Server 2012 with the domain functional level (forest functional level) set to Windows Server 2012. When joining the UCS to the Windows domain, the following Samba error occurs: WERR_DS_INCOMPATIBLE_VERSION
Since this concerns a takeover and Windows 2012 has not been in use for very long, this still has some time.
A partner requested this feature today.
requested by 2014052821006341
Looks like it's necessary to manually lower the Domain and Forest functional level on the Windows 2012 server first, via PowerShell:

    Set-ADForestMode -Identity "mydom.local" -ForestMode Windows2008R2Forest
    Set-ADDomainMode -Identity "mydom.local" -DomainMode Windows2008R2Domain

With these settings the domain join worked in my short test and it looks like the univention-ad-takeover proceeds as usual.
(In reply to Arvid Requate from comment #4)
> Looks like it's necessary to manually lower the Domain and Forest functional
> level on the Windows 2012 server first, via PowerShell:
>
> Set-ADForestMode -Identity "mydom.local" -ForestMode Windows2008R2Forest
> Set-ADDomainMode -Identity "mydom.local" -DomainMode Windows2008R2Domain
>
> With these settings the domain join worked in my short test and it looks
> like the univention-ad-takeover proceeds as usual.

Ah, that's good. I think we should show this info in the takeover process if we recognize a W2k12 domain.
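One way such a pre-join check could look, as an added example that is not part of this bug report or of univention-ad-takeover: it reads the `forestFunctionality` and `domainFunctionality` values from an AD rootDSE (assumed to be already fetched as LDIF) and returns the commands from the workaround when a level is above 2008 R2. The function names, the sample LDIF and the threshold (taken from the workaround above) are assumptions.

```python
# Added example: decide from an AD rootDSE whether the functional levels
# must be lowered before the Samba join. Not code from univention-ad-takeover.

# rootDSE functionality value 4 is Windows Server 2008 R2, 5 is Windows Server 2012.
# Assumption taken from the workaround in this report: a 2008 R2 level joins fine.
MAX_SUPPORTED = 4
TARGET = "Windows2008R2"

# Constructed sample of rootDSE attributes of a Windows Server 2012 domain
SAMPLE_ROOTDSE = """dn:
domainFunctionality: 5
forestFunctionality: 5
domainControllerFunctionality: 5
"""

def parse_rootdse(ldif):
    """Return {attribute: [values]} from plain 'attr: value' LDIF lines."""
    attrs = {}
    for line in ldif.splitlines():
        if not line or line.startswith(("#", " ")) or ": " not in line:
            continue
        key, value = line.split(": ", 1)
        attrs.setdefault(key.lower(), []).append(value.strip())
    return attrs

def takeover_precheck(ldif, dns_domain):
    """Return the PowerShell commands to run on the AD side; empty if none."""
    attrs = parse_rootdse(ldif)
    commands = []
    # Forest first, then domain: same order as in the workaround
    for attr, cmdlet, flag, suffix in (
        ("forestfunctionality", "Set-ADForestMode", "-ForestMode", "Forest"),
        ("domainfunctionality", "Set-ADDomainMode", "-DomainMode", "Domain"),
    ):
        values = attrs.get(attr)
        if not values:
            raise ValueError("rootDSE lacks %s" % attr)
        if int(values[0]) > MAX_SUPPORTED:
            commands.append('%s -Identity "%s" %s %s%s' % (
                cmdlet, dns_domain, flag, TARGET, suffix))
    return commands

if __name__ == "__main__":
    for command in takeover_precheck(SAMPLE_ROOTDSE, "mydom.local"):
        print("Run on the Windows server before joining:", command)
```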
I don't see a log file. Could this issue be fixed with this one? https://bugzilla.samba.org/show_bug.cgi?id=10294
Tobias had another case where the join failed. It's still unclear what the issue is, maybe there is more than one:
* In the test environment here he saw a similar traceback as discussed in this thread: https://lists.samba.org/archive/samba/2013-November/176822.html
* There might be a more general problem still related to the schema: https://lists.samba.org/archive/samba/2013-April/173050.html
(In reply to Arvid Requate from comment #4)
> Looks like it's necessary to manually lower the Domain and Forest functional
> level on the Windows 2012 server first, via PowerShell:

Just as a supplement: Microsoft changed the default for domain and forest level selection with Server 2012. Until Server 2008 R2 the default value was the oldest available (Windows Server 2003 level) and one had to change this manually in a dropdown if something newer (Server 2008, 2008 R2) was needed. With Server 2012 (R2?) the default in the dropdown changed to the newest level version (e.g. Server 2012) and one has to change this manually if something older (Server 2008, 2008 R2) is needed. This means that every AD that is installed with Server 2012 will most probably also have 2012 as domain and forest functional level and will need this workaround.
This issue has been filed against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 ended on the 5th of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.