Handling DNS in a Single Active Directory Domain Controller Environment

scottalanmiller

That's why Best Practices must be so few and far between, there are so rarely things that have no acceptable alternatives. Since a best practice must be accepted to be superior to all alternatives, then you never have to question it, as any alternative is inferior.

But in something like one DC or two, there can be no best practice, because both options are perfectly acceptable under different scenarios. Sometimes one DC is just fine, sometimes you need two (or more.) If one or the other was a best practice, then the other would be never the right option.

pmoncho

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@brrabill said in Handling DNS in a Single Active Directory Domain Controller Environment:

Just think of what a different discussion this would be if MS just allowed you to spin up a free AD server, that just had AD, like Hyper-V Server.

Just imagine if a free AD server existed out there!

Oh wait...

I'm guessing you mean Samba? Or am I missing something?

scottalanmiller

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@brrabill said in Handling DNS in a Single Active Directory Domain Controller Environment:

Just think of what a different discussion this would be if MS just allowed you to spin up a free AD server, that just had AD, like Hyper-V Server.

Just imagine if a free AD server existed out there!

Oh wait...

I'm guessing you mean Samba? Or am I missing something?

Yes, Samba will do AD for free. And is available on many platforms.

StuartJordan

I believe the forest level with Samba can only be 2008R2 though.

scottalanmiller

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

pmoncho

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

StuartJordan

@scottalanmiller Very true, nothing wrong at all in using. believe there was some improvements to DFS-R in higher Forrest levels, but if your obviously using Samba in your environment you probably would not be using this role anyway.

scottalanmiller

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

Rumor is, but I'm not sure that 4.4 is widely available yet?

scottalanmiller

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller Very true, nothing wrong at all in using. believe there was some improvements to DFS-R in higher Forrest levels, but if your obviously using Samba in your environment you probably would not be using this role anyway.

Right, generally not.

Romo

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

Rumor is, but I'm not sure that 4.4 is widely available yet?

Even newer versions =).

Centos 7.5 is using 4.7.1
Fedora 28 is using 4.8.5

pmoncho

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

Rumor is, but I'm not sure that 4.4 is widely available yet?

smbstatus on Ubuntu 18.1 shows Samba 4.7.6.

scottalanmiller

@romo said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

Rumor is, but I'm not sure that 4.4 is widely available yet?

Even newer versions =).

Centos 7.5 is using 4.7.1
Fedora 28 is using 4.8.5

Oh wow, nevermind, lol.

scottalanmiller

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

Rumor is, but I'm not sure that 4.4 is widely available yet?

smbstatus on Ubuntu 18.1 shows Samba 4.7.6.

Is that for 18.04 or 18.10, the latter released a few days ago (I need to go update some systems.)

StuartJordan

yep, using 18.04.1 here...

scottalanmiller

So likely a bit newer now.

pmoncho

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@pmoncho said in Handling DNS in a Single Active Directory Domain Controller Environment:

@scottalanmiller said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

Sure, but what does that really affect? Forest level limitation is nothing like an old code limitation. Nothing wrong with using a 2008 R2 Forest level.

If I am reading this correctly, I believe Samba 4.4 and higher can go to 2012 R2.

https://wiki.samba.org/index.php/Raising_the_Functional_Levels

Rumor is, but I'm not sure that 4.4 is widely available yet?

smbstatus on Ubuntu 18.1 shows Samba 4.7.6.

Is that for 18.04 or 18.10, the latter released a few days ago (I need to go update some systems.)

My bad, it is 18.04.1

scottalanmiller

I hadn't even realized it was out. I suppose I was out of town when it happened. But I feel like there was a lack of fanfare going on. I had heard of ElementaryOS going to 5.0 without hearing that Ubuntu 18.10 was out!

Obsolesce

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

If you're not using Windows AD, what's it matter?

scottalanmiller

@obsolesce said in Handling DNS in a Single Active Directory Domain Controller Environment:

@stuartjordan said in Handling DNS in a Single Active Directory Domain Controller Environment:

I believe the forest level with Samba can only be 2008R2 though.

If you're not using Windows AD, what's it matter?

If he's merging in DFS, it might. It's rare to do, but could matter.

StuartJordan

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754918(v=ws.10)