Adding a Samba-AD in a Microsoft Active Directory domain

This documentation can be used to migrate an existing MS-AD domain to a Samba-AD domain.

Hint

Samba 4.20 supports MSAD 2016 schema with a 2016 forest level. The 2016 level includes silos, claims and FAST kerberos.

Show the current forest level;

Get-ADDomain | fl Name,DomainMode
Get-ADForest | fl Name,ForestMode

Then prepare the Samba virtual machine according to the following recommendations, then instantiate the domain controller as a secondary domain controller;
After joining, check that the DNS entries of the new domain controller have been created;
```
samba_dnsupdate --verbose
```
Add the address of the Samba-AD controller to the network card of the Windows machine as a secondary DNS server;
Check that the replications are running correctly on the Samba side with the following command line:
```
samba-tool drs showrepl
```
Check that the replications are running correctly on the Windows side with the following command line:
```
repadmin /showrepl
```