.. Reminder for header structure:        
  Parts (H1)          : #################### with overline
  Chapters (H2)       : ******************** with overline
  Sections (H3)       : ====================
  Subsections (H4)    : --------------------
  Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
  Paragraphs (H6)     : """""""""""""""""""""

.. |date| date::

.. meta::
  :description: Adding a Samba-AD in a Microsoft Active Directory domain
  :keywords: Samba-AD, documentation, MSAD

.. _samba_add_samba_to_windows_active_directory:

########################################################
Adding a Samba-AD in a Microsoft Active Directory domain
########################################################

This documentation can be used to migrate an existing MS-AD domain to a Samba-AD domain.

.. hint::

  Samba 4.20 and later supports MSAD 2016 schema with a 2016 forest level.
  The 2016 level includes silos, claims and FAST kerberos.


* Show the current forest level;

  .. code-block:: text

    Get-ADDomain | fl Name,DomainMode
    Get-ADForest | fl Name,ForestMode


* Then prepare the Samba virtual machine according to :ref:`the following recommendations <server_prepare_redhat>`, then instantiate the domain controller as a :ref:`secondary domain controller <server_secondary_redhat>`;

* After joining, check that the DNS entries of the new domain controller have been created;

  .. code-block:: bash

    samba_dnsupdate --verbose

* Add the address of the Samba-AD controller to the network card of the Windows machine as a secondary DNS server;

* Check that the replications are running correctly on the Samba side with the following command line:

  .. code-block:: bash

    samba-tool drs showrepl

* Check that the replications are running correctly on the Windows side with the following command line:

  .. code-block:: text

     repadmin /showrepl
