Raising Domain/Forest from 2008 to 2016: What do I need to know?
-
@dbeato said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
That's not going to be a decision management will support unless we can come up with an entirely new environment that will support all of our functions.
- ERP System
- Email (easy)
- Integration with FedEx
- Integration with other parties/customers for order management
I am sure there is more here that I am missing. Just can't think of what it was.
What do any of those things have to do with your AD level?
It has more to do with Linux implementation.
But how? What's the association?
-
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
That's not going to be a decision management will support unless we can come up with an entirely new environment that will support all of our functions.
This doesn't make any sense . Linux is a drop in replacement here. So all of this is already supported. Windows and Linux aren't relevant to the discussion. The discussion is AD.
-
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
Let me back up and ask for clarification on the statement above.
-
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
Let me back up and ask for clarification on the statement above.
What does AD have to do with the listed applications? They run on Windows correct? Then moving to a Linux based SAMBA server probably wouldn't be an issue.
-
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
That's not going to be a decision management will support unless we can come up with an entirely new environment that will support all of our functions.
This doesn't make any sense . Linux is a drop in replacement here. So all of this is already supported. Windows and Linux aren't relevant to the discussion. The discussion is AD.
Totally understand that this discussion was about AD. I thought you were trying to turn the subject somewhere else.
-
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
Let me back up and ask for clarification on the statement above.
If you raise the AD level to 2012 R2, you can still optionally use Windows or Linux for your AD servers. If you go to 2016, Linux is no longer an option until Samba brings out an update to allow it to be a 2016 level server. As long as you don't go all of the way to 2016, you have no Windows based AD dependency here.
-
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
That's not going to be a decision management will support unless we can come up with an entirely new environment that will support all of our functions.
This doesn't make any sense . Linux is a drop in replacement here. So all of this is already supported. Windows and Linux aren't relevant to the discussion. The discussion is AD.
Totally understand that this discussion was about AD. I thought you were trying to turn the subject somewhere else.
People always like to claim that I do that, and the constant claiming that I do that has led more people to see things that aren't that as being that. It's something people repeat to try to make it look like I'm just spewing topics, because I often point out gaps in business decisino making making it relatively easy for people to overlook that I stayed more on topic than the people complaining about it.
I was 100% responding in the context of the question asked.
-
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
That's not going to be a decision management will support unless we can come up with an entirely new environment that will support all of our functions.
This doesn't make any sense . Linux is a drop in replacement here. So all of this is already supported. Windows and Linux aren't relevant to the discussion. The discussion is AD.
Totally understand that this discussion was about AD. I thought you were trying to turn the subject somewhere else.
People always like to claim that I do that, and the constant claiming that I do that has led more people to see things that aren't that as being that. It's something people repeat to try to make it look like I'm just spewing topics, because I often point out gaps in business decisino making making it relatively easy for people to overlook that I stayed more on topic than the people complaining about it.
I was 100% responding in the context of the question asked.
You answered your question as you should based on your statement, while @Tim_G stated a different qfact
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
That's not going to be a decision management will support unless we can come up with an entirely new environment that will support all of our functions.
This doesn't make any sense . Linux is a drop in replacement here. So all of this is already supported. Windows and Linux aren't relevant to the discussion. The discussion is AD.
Totally understand that this discussion was about AD. I thought you were trying to turn the subject somewhere else.
People always like to claim that I do that, and the constant claiming that I do that has led more people to see things that aren't that as being that. It's something people repeat to try to make it look like I'm just spewing topics, because I often point out gaps in business decisino making making it relatively easy for people to overlook that I stayed more on topic than the people complaining about it.
I was 100% responding in the context of the question asked.
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
That's not going to be a decision management will support unless we can come up with an entirely new environment that will support all of our functions.
This doesn't make any sense . Linux is a drop in replacement here. So all of this is already supported. Windows and Linux aren't relevant to the discussion. The discussion is AD.
Totally understand that this discussion was about AD. I thought you were trying to turn the subject somewhere else.
People always like to claim that I do that, and the constant claiming that I do that has led more people to see things that aren't that as being that. It's something people repeat to try to make it look like I'm just spewing topics, because I often point out gaps in business decisino making making it relatively easy for people to overlook that I stayed more on topic than the people complaining about it.
I was 100% responding in the context of the question asked.
I see you answered your question, but the other statements stemmed from @Tim_G fact.
-
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
That's not going to be a decision management will support unless we can come up with an entirely new environment that will support all of our functions.
This doesn't make any sense . Linux is a drop in replacement here. So all of this is already supported. Windows and Linux aren't relevant to the discussion. The discussion is AD.
Totally understand that this discussion was about AD. I thought you were trying to turn the subject somewhere else.
People always like to claim that I do that, and the constant claiming that I do that has led more people to see things that aren't that as being that. It's something people repeat to try to make it look like I'm just spewing topics, because I often point out gaps in business decisino making making it relatively easy for people to overlook that I stayed more on topic than the people complaining about it.
I was 100% responding in the context of the question asked.
Okay. Calm down. I simply inferred that when you mean of a total migration from Windows to Linux, AD to Samba, mail, desktops/servers, everything. That is where I got confused at.
-
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@nerdydad said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
I am currently in the process of retiring my 2008 AD servers in order to raise our forest and domain levels to 2016. We already have 3 WS 2016 AD servers in our environment (1 at each location). I have about 4 2008 AD servers to retire before I can do that, so I have some time. There is only 1 forest/1 domain to be concerned about here. We're not tied to any other domains or forests. We are tied to O365 through AAD Sync. We currently use SYSVOL batch scripts to map drives.
What do I need to consider changing before raising the domain/forest level?
It only ever adds functionality, never removes any.
In every case you can go ahead and raise it. It's a myth that you need to be concerned about itOther than raising it to a level where you block your choice to move off of Windows. That's the only thing.
That's not going to be a decision management will support unless we can come up with an entirely new environment that will support all of our functions.
- ERP System
- Email (easy)
- Integration with FedEx
- Integration with other parties/customers for order management
I am sure there is more here that I am missing. Just can't think of what it was.
What do any of those things have to do with your AD level?
Edit: This got replied to the wrong thing, so ignore that part above.
I get it.
Yeah a lot of things are not supported on Linux. An easy example is the FedEx software. You can either run it on Windows or the website. Website is fine for the most basic shipments, but becomes a huge hassle, really quick.
There's a lot of software like ERP stuff your company may be locked into Windows just because of that. Sure there are Linux ERP solutions, some may even support migration from your existing ERP to a potential new Linux based one. But that's a huge maybe. Even then it may be a tough sell to management as the whole process could easily cost way more than the next 10 years of Windows licensing.
It just depends on a lot of things.
Scott's right that those things likely never have anything to do with AD, but I think that's besides the point. You need to raise domain functional level because you run Windows and Windows AD. That software is irrelevant. But Scott is also correct in that you could still run everything with SAMBA. Perhaps if you were to plan to move away from Windows, but since you already have it and do not have plans on moving away from it, it really doesn't make sense to remove Windows AD, create a samba domain, and rejoin everything, and redo everything associated with it, while at the same time still using Windows everywhere.
-
Just important when asking what needs to be known going to 2016 that an existing option, a really major one that can save a lot of money and add a lot of flexibility, will go away by making this specific move.
-
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
Just important when asking what needs to be known going to 2016 that an existing option, a really major one that can save a lot of money and add a lot of flexibility, will go away by making this specific move.
Yes, that is a very important consideration to be aware of.
If I were to make a move like that as far as replacing Windows AD with SAMBA, I would prefer to do it in parallel with Windows AD.
What's the benefit of having Windows Server 2012 R2 servers running AD along with Linux Samba servers?
Does that allow for seamless migration with no down time for example?
If not, I'd rather do them in parallel. For example, if running a Windows 2016 AD environment, spin up a Samba server and slowly build it up in parallel to the WinAD.
Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.
-
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.
Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.
-
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
What's the benefit of having Windows Server 2012 R2 servers running AD along with Linux Samba servers?
None, I believe.
-
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.
Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.
Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.
-
@dashrender said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.
Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.
Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.
Last I knew, it wasn't even supposed to run on an AD server
-
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@dashrender said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.
Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.
Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.
Last I knew, it wasn't even supposed to run on an AD server
aww - I've never used it.. in that case - run it from any other Windows server, and bob's your uncle. If Samba is doing their job right, the sync client won't know the difference.
The next question is - does MS have any licensing around the use of the sync client as a gotcha?
-
@dashrender said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.
Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.
Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.
You can run it on any Windows server, but the problem with Samba is the password hash doesn't get sync to Azure.
https://lists.samba.org/archive/samba/2016-November/204564.html -
@dbeato said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@dashrender said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.
Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.
Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.
You can run it on any Windows server, but the problem with Samba is the password hash doesn't get sync to Azure.
https://lists.samba.org/archive/samba/2016-November/204564.htmlBY this I mean, everything works but password synchronization doesn't work same as Server 2008 running the Azure AD sync tool as well.
-
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@dashrender said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@scottalanmiller said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
@tim_g said in Raising Domain/Forest from 2008 to 2016: What do I need to know?:
Does Samba / Azure AD Sync allow you to Sync back passwords (and/or accounts) from O365 (to Samba)? I've never looked into that.
Never tried, but should, as it is just AD. It shouldn't be able to tell that it isn't Windows.
Well - that depends, does the sync client have to run on a Windows AD server? If not, then you probably can sync a Samba solution to Azure AD.
Last I knew, it wasn't even supposed to run on an AD server
Yes, it is not supposed to run in an AD server because the app needs SQL Express to work.