Re: [Samba] Does DomainCompatibilityMode still work for NT4 domain joins in Windows 10?
- Date: Tue, 19 Jun 2018 07:50:33 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Does DomainCompatibilityMode still work for NT4 domain joins in Windows 10?
On Mon, 18 Jun 2018 17:12:51 -0500
David Whitney via samba <samba@xxxxxxxxxxxxxxx> wrote:
> I have a brand new Windows 10 Pro box, Version 1703, Build
> 15063.1155, and made the two registry mods (DNSNameResolutionRequired
> and DomainCompatibilityMode) to enable it to join an old-style NT4
> Samba domain (Version 4.3). However, I note that the dialog for
> joining a domain within Windows 10 now specifically says to "Join an
> Active Directory Domain," and no attempt to join the domain has
> succeeded. In all cases, the domain name I provide is not found.
> I began to observe a slight delay from the time I would provide the
> domain name and receive the failure message, which led me to believe
> the DNS lookup is still occurring. I added the name of my DC to both
> the local HOSTS file and even the LMHOSTS file on the W10 box,
> neither to any avail.
> I am suspecting now that this most recent build of Windows has quietly
> turned off the last vestige of NT4 domain-join support by now ignoring
> minimally the DomainCompatibilityMode setting. I was wondering if any
> other users with a very recent Windows 10 Pro build might have
> experienced the same issue. I have not yet undertaken a network trace
> to see if the W10 box is querying DNS for the conspicuous "_ldap..."
> style AD domain record.
> Also, I was wondering why logon for a domain-joined W10 box against
> an NT4 Samba domain requires the max SMB level to be NT1. My
> understanding was that Samba started supporting 3.11 with 4.3.
Windows seems intent on removing all access to NT4-style domains.
Latterly, the only way to connect is to set the SMB level to NT1, but
even that doesn't seem to help now.
Whilst trying not to sound like a cracked record, can I urge you to
make plans to upgrade to AD whilst you can, and before Windows just
stops working totally with your NT4-style domain. I fear that day is not
To unsubscribe from this list go to the following URL and read the