s4:provision - Bump down the domain and forest level to Windows 2000

- The DC level we keep on Windows Server 2008 R2 (we should call ourself
  always the newest server type)
- The domain/forest level we set to the minimum (Windows 2000 native) to
  allow all AD DC types (from Windows 2000 on) in our domain - the NT4 "mixed"
  mode isn't supported by us (discussed on mailing list) -> "nTMixedDomain" is
  set always to 0
- I'll add a script which allows to bump the DC level (basically sets the
  "msDS-Behaviour-Version" attributes on the "Partitions/Configuration/DC" and
  on the "DC" object)

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index ca9850304ee0e1c37d2076d9dd94cb61926ba17f..065677fa68c2138a467e73ee9865c767f6020578 100644 (file)
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -44,7 +44,7 @@ from credentials import Credentials, DONT_USE_KERBEROS
 from auth import system_session, admin_session
 from samba import version, Ldb, substitute_var, valid_netbios_name
 from samba import check_all_substituted
-from samba import DS_DOMAIN_FUNCTION_2008_R2, DS_DC_FUNCTION_2008_R2
+from samba import DS_DOMAIN_FUNCTION_2000, DS_DC_FUNCTION_2008_R2
 from samba.samdb import SamDB
 from samba.idmap import IDmapDB
 from samba.dcerpc import security
@@ -835,8 +835,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
     :note: This will wipe the main SAM database file!
     """
 
-    domainFunctionality = DS_DOMAIN_FUNCTION_2008_R2
-    forestFunctionality = DS_DOMAIN_FUNCTION_2008_R2
+    domainFunctionality = DS_DOMAIN_FUNCTION_2000
+    forestFunctionality = DS_DOMAIN_FUNCTION_2000
     domainControllerFunctionality = DS_DC_FUNCTION_2008_R2
 
     # Also wipes the database

diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif
index a7409966db19463a7a75df345e605b3060a749bf..098cb91b5d4a432c0f00a3645280e9531154cfb1 100644 (file)
--- a/source4/setup/provision_configuration.ldif
+++ b/source4/setup/provision_configuration.ldif
@@ -828,24 +828,25 @@ showInAdvancedViewOnly: TRUE
 dn: CN=Enterprise Configuration,CN=Partitions,${CONFIGDN}
 objectClass: top
 objectClass: crossRef
-systemFlags: 1
-nCName: ${CONFIGDN}
 dnsRoot: ${DNSDOMAIN}
+nCName: ${CONFIGDN}
+systemFlags: 1
 
 dn: CN=Enterprise Schema,CN=Partitions,${CONFIGDN}
 objectClass: top
 objectClass: crossRef
-systemFlags: 1
-nCName: ${SCHEMADN}
 dnsRoot: ${DNSDOMAIN}
+nCName: ${SCHEMADN}
+systemFlags: 1
 
 dn: CN=${DOMAIN},CN=Partitions,${CONFIGDN}
 objectClass: top
 objectClass: crossRef
-systemFlags: 3
+dnsRoot: ${DNSDOMAIN}
 nCName: ${DOMAINDN}
 nETBIOSName: ${DOMAIN}
-dnsRoot: ${DNSDOMAIN}
+nTMixedDomain: 0
+systemFlags: 3
 
 dn: CN=Physical Locations,${CONFIGDN}
 objectClass: top