[Freeipa-users] Error: invalid 'AD domain controller' when establishing trust

Sumit Bose sbose at redhat.com
Wed Oct 8 07:24:27 UTC 2014

On Wed, Oct 08, 2014 at 02:42:47AM +0200, Genadi Postrilko wrote:
> Hello.
> I am attempting to create trust between AD and IPA.
> I have deployed AD environment as follows:
> I have created domain RED.COM
> Then i add new domain tree root - BLUE.COM.
> Now i would like to establish trust with IPA as a sub domain (LINUX.BLUE.COM)
> of BLUE.COM.
> I followed the guide and when reaching to trust agreement creation i
> stumbled into this error:
>  ipa trust-add --type=ad blue.com --admin Administrator --password
> Active directory domain administrator's password:
> ipa: ERROR: invalid 'AD domain controller': unsupported functional level

can you check the domain and forest functional levels of your domains?
You can find this information in the 'Active Directory Domains and
Trusts' utility by right-clicking the domain name and selecting
properties? iirc the minimal level we support in 2003R2.


> Both AD server are 2008 R2.
> IPA version is 3.3, installed on RHEL 7.
> Help will be appreciated.
> Genadi.

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project

More information about the Freeipa-users mailing list