diff --git a/ad-server-replication/defaults/main.yml b/ad-server-replication/defaults/main.yml
index f74df11b36b6ed675a8c58dbaf5128d8c4b45d91..63dafda825c1f2f0f773a08cd91702abce4ce5e7 100644
--- a/ad-server-replication/defaults/main.yml
+++ b/ad-server-replication/defaults/main.yml
@@ -1,3 +1,6 @@
 ---
 
 ad_admin_password: samba-admin
+smb_model_prefork: false
+smb_prefork_children: 4  # since it is default in 4.10
+
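Review bot: The two new defaults are not explained, and the comment `# since it is default in 4.10` does not say which software's 4.10 is meant (presumably Samba). A comment above them such as `# smb_model_prefork: start samba with "--model prefork" via /etc/default/samba and emit "prefork children" in smb.conf` would tell operators that one flag drives both templates. The same two lines are added in ad-server/defaults/main.yml without the trailing blank line added here; keeping the two files identical avoids drift. Separately, the context line `ad_admin_password: samba-admin` leaves a guessable administrator password as the role default, which is worth replacing with a required, vault-supplied variable in a follow-up.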
diff --git a/ad-server-replication/tasks/main.yml b/ad-server-replication/tasks/main.yml
index f107acac4d077aa21d92cab1f58b27a5957ce30f..82a8c892c18407d31d89f986898521362d06a92c 100644
--- a/ad-server-replication/tasks/main.yml
+++ b/ad-server-replication/tasks/main.yml
@@ -98,6 +98,17 @@
   tags:
     - ad-server
 
+- name: ensure we have a default enviroment
+  template:
+    src: samba_environ.j2
+    dest: /etc/default/samba
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart samba-ad-dc server
+  tags:
+    - ad-server
+
 - name: ensure samba-ad-dc unit is running, enabled and not masked
   systemd:
     name: samba-ad-dc
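Review bot: The new template task owns the whole of `/etc/default/samba`, so with `smb_model_prefork: false` (the default) it renders an effectively empty file and silently discards whatever the package or an administrator had put there. Adding `backup: true` to the `template` arguments keeps the previous content recoverable, or the single variable could be managed with `lineinfile` instead. The task name also misspells "environment"; it should read `- name: ensure we have a default environment`. The identical task added in ad-server/tasks/main.yml has the same issues, and the `systemd` task that follows continues outside the hunk.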
diff --git a/ad-server-replication/templates/samba_environ.j2 b/ad-server-replication/templates/samba_environ.j2
new file mode 100644
index 0000000000000000000000000000000000000000..ba1860c191e0a47aaa9a150c1de0b7dff168533c
--- /dev/null
+++ b/ad-server-replication/templates/samba_environ.j2
@@ -0,0 +1,3 @@
+{% if smb_model_prefork %}
+SAMBAOPTIONS="--model prefork"
+{% endif %}
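Review bot: The option is written as two whitespace-separated words inside one quoted value, so it only works if whatever consumes `SAMBAOPTIONS` word-splits it; the unit or init script that reads this file is not visible in the diff. Writing it as a single token, `SAMBAOPTIONS="--model=prefork"`, behaves the same either way. A first line `# {{ ansible_managed }}` would also mark the file as generated, since as written it renders with no content at all when `smb_model_prefork` is false. The same template is added under ad-server/templates/.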
diff --git a/ad-server-replication/templates/smb.conf.j2 b/ad-server-replication/templates/smb.conf.j2
index 9d5b46bfa8421022304fde0b4bc3739714331227..2a85977c2ddd34a2996bdbd4b7e5ef9ce46760cf 100644
--- a/ad-server-replication/templates/smb.conf.j2
+++ b/ad-server-replication/templates/smb.conf.j2
@@ -24,6 +24,11 @@
         tls keyfile = {{smb_tls_key}}
         tls certfile = {{smb_tls_cert}}
 
+{% if smb_model_prefork %}
+        prefork children = {{ smb_prefork_children }}
+{% endif %}
+
+
 
 [netlogon]
         path = /var/lib/samba/sysvol/{{ domain }}/scripts
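Review bot: `smb_prefork_children` is interpolated into smb.conf as-is, so an empty or non-numeric override produces a bad `prefork children` line that would only surface when samba next loads its configuration on the domain controller. A guard in the role's tasks such as `- assert: { that: smb_prefork_children | int > 0 }` would catch the mistake at play time; the same interpolation is added in ad-server/templates/smb.conf.j2. This hunk also adds one more blank line after `{% endif %}` than the ad-server copy does. The section these lines belong to (presumably `[global]`) starts outside the hunk.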
diff --git a/ad-server/defaults/main.yml b/ad-server/defaults/main.yml
index f74df11b36b6ed675a8c58dbaf5128d8c4b45d91..e8197eb0a20a39fbcd3497a0b780894f948f8919 100644
--- a/ad-server/defaults/main.yml
+++ b/ad-server/defaults/main.yml
@@ -1,3 +1,5 @@
 ---
 
 ad_admin_password: samba-admin
+smb_model_prefork: false
+smb_prefork_children: 4  # since it is default in 4.10
diff --git a/ad-server/tasks/main.yml b/ad-server/tasks/main.yml
index f25d848bbbde4df89af36406f59bbcbf24d829a9..6f74db4f3f06c5716e4a0e96eb50d9ac8755de9c 100644
--- a/ad-server/tasks/main.yml
+++ b/ad-server/tasks/main.yml
@@ -69,6 +69,17 @@
   tags:
     - ad-server
 
+- name: ensure we have a default enviroment
+  template:
+    src: samba_environ.j2
+    dest: /etc/default/samba
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart samba-ad-dc server
+  tags:
+    - ad-server
+
 - name: ensure samba-ad-dc unit is running, enabled and not masked
   systemd:
     name: samba-ad-dc
diff --git a/ad-server/templates/samba_environ.j2 b/ad-server/templates/samba_environ.j2
new file mode 100644
index 0000000000000000000000000000000000000000..ba1860c191e0a47aaa9a150c1de0b7dff168533c
--- /dev/null
+++ b/ad-server/templates/samba_environ.j2
@@ -0,0 +1,3 @@
+{% if smb_model_prefork %}
+SAMBAOPTIONS="--model prefork"
+{% endif %}
diff --git a/ad-server/templates/smb.conf.j2 b/ad-server/templates/smb.conf.j2
index 9d5b46bfa8421022304fde0b4bc3739714331227..65babf1a61ade1d9f433db77d38114337cd6369d 100644
--- a/ad-server/templates/smb.conf.j2
+++ b/ad-server/templates/smb.conf.j2
@@ -24,6 +24,10 @@
         tls keyfile = {{smb_tls_key}}
         tls certfile = {{smb_tls_cert}}
 
+{% if smb_model_prefork %}
+	prefork children = {{ smb_prefork_children }}
+{% endif %}
+
 
 [netlogon]
         path = /var/lib/samba/sysvol/{{ domain }}/scripts
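Review bot: The added `prefork children` line is indented with a tab, while the neighbouring `tls keyfile` / `tls certfile` lines and the ad-server-replication copy of this template use eight spaces. smb.conf ignores leading whitespace, so this is cosmetic, but matching the spaces keeps the two templates comparable line for line.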