Bug 1484683 - [RFE] Support Windows Server 2016 Domain/Forest Functional Levels
Summary: [RFE] Support Windows Server 2016 Domain/Forest Functional Levels
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: IPA Maintainers
QA Contact: ipa-qe
Aneta Šteflová Petrová
URL:
Whiteboard:
Depends On:
Blocks: 1485952
Reported: 2017-08-24 06:47 UTC by Martin Kosek
Modified: 2021-06-10 12:52 UTC

Fixed In Version: ipa-4.5.4-10.el7
Doc Type: Enhancement
Doc Text:
Windows Server 2016 forest and domain functional levels now supported for trust

When using Identity Management, you can now establish a supported forest trust to Active Directory forests that run at the Windows Server 2016 forest and domain functional levels.
Clone Of:
: 1485952
Environment:
Last Closed: 2018-03-26 14:44:29 UTC
Target Upstream Version:


Description Martin Kosek 2017-08-24 06:47:31 UTC
Description of problem:
IdM Server currently supports Windows 2016, but only with maximum Windows 2012 R2 Forest/Domain Functional Level:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-during.html#platforms-trust

"""
* You can establish a trust relationship with the following Active Directory functional levels:
  * Forest functional level range: Windows Server 2008 - Windows Server 2012 R2
  * Domain functional level range: Windows Server 2008 - Windows Server 2012 R2
* The following operating systems are explicitly supported and tested for establishing a trust using the mentioned functional levels:
  * Windows Server 2012 R2
  * Windows Server 2016
"""

Related level description documentation:
https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx

This RFE is to add support for Windows Server 2016 Forest/Domain Functional Levels:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/windows-server-2016-functional-levels

The primary goal is IdM-AD Trust functionality. Secondary (optional) goal is Winsync agreement functionality.

Comment 4 Martin Kosek 2017-09-08 12:05:55 UTC
This work requires switching to use of Kerberos when establishing trust, as this will help us work with SMB1-disabled Windows Server 2016:

https://pagure.io/freeipa/issue/4960

Linked to this Bugzilla.

Comment 7 Petr Vobornik 2018-03-26 14:07:45 UTC
Based on Alexander's comment, unlinking Pagure issue 4960 (Use Kerberos to establish trust) because it is strictly speaking unrelated.

Comment 8 Martin Kosek 2018-03-26 14:44:29 UTC
The RFE was tested in RHEL-7.5 with Windows Server 2016; there should not be anything preventing it from working. Unfortunately, it was not added to the RHEL-7.5 IPA errata, so the bug stayed in NEW state. As we can no longer add the bug to errata cleanly, I am manually switching the bug to CLOSED.

