As reminded by https://twitter.com/brdpoker/status/1590066974104879110?cxt=HHwWjIDQiaHfhpEsAAAA https://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1 Microsoft intends to enforce the changes in CVE-2021-42291 (which Samba fixed with bug 14810 and called CVE-2020-25720) sometime after April 2023. Currently the fixes for bug 14810 are only in master, so will be released with Samba 4.18, we might choose to backport to 4.17 and enforce with 4.18.