Forest Functional Level 2016 and AD Schema 2022
Since 4.19.0, you can raise the domain functional level of an existing domain to FL 2016, and AD Schema version to 88 (Windows Server 2019 / 2022).
Determine the AD Schema Version
You need first to determine the actual AD Schema on your Samba-AD installation :
ldbsearch -H /var/lib/samba/private/sam.ldb -b "cn=Schema,cn=Configuration,DC=$(hostname -d | sed 's/\./,DC=/g')" -s base objectVersion
Attention
If you are bellow 47 (if you come from MS SBS, MS 2003), you cannot upgrade easily your schema. Please contact Tranquil-IT for assistance.
Note
All AD Schema versions are available here : https://wiki.samba.org/index.php/AD_Schema_Version_Support
Determine the domain functional level
You can determine the function level for your domain with this samba-tool command :
root:~# samba-tool domain level show
Domain and forest function level for domain 'DC=domain,DC=lan'
Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2
Attention
if you are bellow 2008R2 lowest functional level of a DC, please contact Tranquil-IT for assistance.
Raising functional level from new Samba-AD version 4.19.0 or later
For new domain from 4.19.0, just add to your /etc/samba/smb.conf on the [global] section to all your Samba-AD domain controllers :
ad dc functional level = 2016
And restart samba :
systemctl restart samba-ad-dc # debian
systemctl restart samba # RedHat or derivated
Raising functional level from older Samba-AD
For older domain, you must update your /etc/samba/smb.conf on the [global] section to all your Samba-AD domain controllers :
ad dc functional level = 2016
And restart samba :
systemctl restart samba-ad-dc # debian
systemctl restart samba # RedHat or derivated
On the FSMO owner domain controller, run this :
samba-tool domain schemaupgrade --schema=2019
samba-tool domain functionalprep --function-level=2016
samba-tool domain level raise --domain-level=2016 --forest-level=2016
You are now on Forest Level 2016 and AD Schema version 88 (Windows Server 2019 / 2025).