Error Domain functional level

Hi i have that error in my Domain Controller. Install Windows
Server 2012 R2, and I want to raise the functional level.
This Domain Controller no longer exists,
but is within the domain.
To update the domain functional level, the Active Directory Domain Controllers in the domain must be running the appropriate version of windows.
domain Name
xxxxxx.local
Current domain functional level
Windows Server 2008
The following Active Directory Domain Controllers are running earlier versions of windows:
domain Name    AD DC    Version of Windows
xxxxxxx.local    server.xxxxxx.local    Windows Server® 2008 Standard 6.0 (6001)
that I can
do?

it might be in the "LostAndFoundConfig" container in the Configuration partition.
Something like this should be logged:
Event Type: Warning
Event Source: NTDS General
Event Category: Directory Access
Event ID: 1723
Date: 6/4/2005
Time: 7:39:52 AM
User: NTDEV\A1ADCH
Computer: NTDEV-DC-07
Description:
Active Directory failed to raise the functional level of the domain or forest
because the following domain controller is at a lower functional level.
Object (forest or domain):
DC=ntdev,dc=corp,DC=microsoft,DC=com
NTDS Settings object of domain controller:
CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=ntdev,DC=corp,DC=com
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Delete the 'NTDSA' object from the "LostAndFoundConfig" container using ADSIEdit.
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog

Similar Messages

  • Hyper-v 2012 R2 Live migration issue in 2003 Domain function Level

    hi Team ,
    i recently build 2012 R2 Hyper-v Cluster with three node. Everrything working fine with out any issue . Cluster working also fine. Later i came across one issue when tried to Live migration virtual machine from one host to another . it failed all the time
    while quick migration is working . i gone through few articles and find it is known issue with hyper-v 2012 R2 where domain functional level is set to 2003 . although they have provided Hotfix but no solution.
    http://support.microsoft.com/kb/2838043
    Please let me know if any one face similar issue and able to resolve by any hotfix. My host are updated .
    Thanks
    Ravindra
    Ravi

    Hi Ravi1987,
    The KB2838043 is applied for Server 2012 node, Could you offer us the related cluster error event id, or you can refer the following article to check your cluster
    network binding order is correct or not.
    Configuring Windows Failover Cluster Networks
    http://blogs.technet.com/b/askcore/archive/2014/02/20/configuring-windows-failover-cluster-networks.aspx
    You can try to install recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters first, then monitor this issue again.
    The KB download:
    Recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters
    http://support.microsoft.com/kb/2920151
    More information:
    Windows Server 2008 R2 Live Migration – “The devil may be in the networking details.”
    http://blogs.technet.com/b/askcore/archive/2009/12/10/windows-server-2008-r2-live-migration-the-devil-may-be-in-the-networking-details.aspx
    I’m glad to be of help to you!

  • Cannot Replicate after upgrading domain functional level

    Hello, 
    Parent and child domain. Parent domain (forest) still in domain functional level 2003. However, child domain i just updated to domain functional level 2008 R2. Now replication is not working. I believe the issue is dns, but i do not know what could be different
    the names have not changed? This is a two way transitive trust between domains.
    Frequent messages from dcdiag dns, are 
    no DNS RPC connectivity (although i have tried restarting dcom, netbios and frs)
    Also in event viewer many 13508 errors
    Any help is greatly appreciated thank you.

    Have you restarted the DCs after that you raised the functional level? The password of the krbtgt account is reset when the DFL is raised from 2003 -> and sometimes the DCs need to be restarted for the authentication to succeed up to the root.
    If you from a Windows Server 2008 R2 DC run dcdiag /test:dns /E dose it report any errors?
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

  • Logon failure after upgrade Windows 2003 domain functional level and schema

    Before upgrade:
    Windows 2003 Std server: Domain functional level 2000, Schema verion 30
    Crystal Report XI R2: Authentication: Windows AD
    Logon OK.
    After Upgrade:
    Windows 2003 Std + Windows 2008: Domain functional level 2003, Schema verion 44
    Crystal Report XI R2: Authentication: Windows AD
    Logon Error: An error has occurred: java.lan.NullPointerException
    Is it a Tomcat problem?  OR Java runtime problem?  OR XI R2 problem?
    Anyone can help to fix it!?  Thanks!!

    OK, I try again in the testing lab and simplify the combination.  We only consider Windows 2003 ONLY.
    Before AD upgrade:
    AD/Domain Controller: Windows 2003 Std server: Domain functional level 2000, Schema verion 30
    Crystal Report XI R2: run on Windows 2003 memeber server
    Operating OS: Windows XP/Vista/7: Authentication: Windows AD
    Logon OK.
    Upgrade cmbination 1
    Step 1:
    Upgrade Domain controller: Windows 2003 to Windows 2003 R2 (Domain functional level 2000, Schema verion 31 )
    Crystal Report XI R2: run on Windows 2003 memeber server
    Operating OS: Windows XP/Vista/7: Authentication: Windows AD
    Logon OK.
    Step 2:
    Upgrade Domain Functional Level: Windows 2003 R2 (Domain functional level 2003, Schema verion 31)
    Crystal Report XI R2: run on Windows 2003 memeber server
    Operating OS: Windows XP/Vista/7: Authentication: Windows AD
    Logon Fail
    Logon Error: An error has occurred: java.lan.NullPointerException
    Upgrade combination 2
    Direct upgrade Domain Functional Level: Windows 2003 (Domain functional level 2003, Schema verion 30)
    Crystal Report XI R2: run on Windows 2003 memeber server
    Operating OS: Windows XP/Vista/7: Authentication: Windows AD
    Logon Fail
    Logon Error: An error has occurred: java.lan.NullPointerException
    In this testing, we can conclude that the Domain Functional Level upgrade from 2000 to 2003. The MI logon will fail.
    Q1. Crystal Report XI R2 cannot run on Windows 2003 server (Domain Functional Level: 2003)?
    Q2. If Crystal Report XI R2 can run on Domain Functional Leve: 2003, how to fix our problem?
    Do you have any idea to help us?  Thanks!
    Edited by: Initiator on Jul 20, 2010 6:22 AM

  • Unable to Raise domain functional level

    I am installing a Server 2012 std.  in a single domain. The current DC is Server 2008 std. When I try to raise the domain functional level to at least 2003 it gives me an error.
    I did the save as and viewed the error message.  Apparently some time in the past they had a Server 2000 and active directory still has the entries that is preventing the domain from being raised.  I removed the old server from AD CU and restarted
    the server.  Still will not let me raise the level, same error.  Do I need to use ADSI edit and remove all the entries also?  What about DNS entries?
    Thank you for a rapid answer.
    Wade Harris

    Hi Wade,
    Please refer to following KB and check if can help you. (Please back up before all operations. That will help us to avoid unexpected issues.)
    How to remove data in Active Directory after an unsuccessful domain controller demotion
    In addition, please also use dcdiag
    command-line tool to verify domain controller health.
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Domain Functional Level: 2008 R2 to 2012 R2

    My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
    Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.)
    Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

    you can easily upgrade the funtional level without any issues since you have all the Domain Controllers on Win server 2008R2.
    http://support2.microsoft.com/kb/2869728/en-us
    For more details : Listed below link has the table which shows the effects of upgrading the domain functional levels to Windows 2012
    http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels
    pankaj(MCT)

  • AD FS Across Differing Domain Functional Levels

    My customer needs to implement AD FS for single sign on due to a cloud based email solution they recently implemented. The problem is, their domain controllers are Server 2003 (non-R2) at a functional level of 2003 mixed mode. They should be able to raise
    to 2003 native if necessary however. Their solution is to create a new 2008 domain and implement a two-way trust, running AD FS in the new domain serving the clients in the 2003 domain.  This way should be quicker than upgrading their current domain
    which would be a rather large project due to their size and complexity. 
    Are there any gotcha's I should know about with doing it this way?  I have verified that we can create the two-way trust between domains of these functional levels, and AD FS can service clients in a trusted domain, but I am not entirely sure if AD
    FS will care that the trusted domain is 2003 non-R2.  Can anyone confirm if this will be a feasible scenario? 
    Thanks very much!!
    Wraith

    Hi
    Wraith,
    In addition, if you are not using Windows Server 2012 or above as ADFS server, you will be fine with Windows 2003 mixed mode.
    “Since ADFS does not require Active Directory functional-level modifications to operate successfully. However, if you are using Windows NT token–based applications and
    you want a token to be generated using Kerberos Service-for-User (S4U), the domain functional level must be Windows 2000 native or Windows Server 2003”, quoted form below article:
    Appendix A: Reviewing ADFS Requirements
    http://technet.microsoft.com/en-us/library/cc778681(v=WS.10).aspx
    More information for you:
    ADFS and Domain Functional Level
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/5cc0e898-eae2-46ce-8491-5ccf61380423/adfs-and-domain-functional-level?forum=winserverDS
    ADFS requirements
    http://technet.microsoft.com/en-us/library/cc727972(v=WS.10).aspx
    Best Regards,
    Amy

  • CRM2015: AD Domain Functional Levels Ambiguity - Clarification Sought

    In the Planning and Deployment guide (page 17) It states.
    The domain where the server is located must be running in one of the following Active Directory domain functional levels:
    Windows Server 2008 Modes
    Windows Server 2008 R2 Modes
    Windows Server 2012 Modes
    For more information about Active Directory domain and forest modes, see:
    Understanding Active Directory Domain Services (AD DS) Functional Levels
    Active Directory (Windows Server 2012 R2)
    Windows 2000 Server forest and domain modes are not supported with this version of Microsoft Dynamics CRM.
    When it states Windows Server 2008 Modes, does it mean only 2008 modes, or the modes supported by 2008. As I believe one of the 2008 Modes is 2003 Native and Interim.
    Can anybody confirm if AD controllers must be 2008 or higher to support CRM?

  • Lingering 2003 DC causing Domain Functional Level Upgrade fail

    Got that one too :(
    I can't find hide nor hair of this darn beast anywhere

    Have a DEAD 2003 DC - check
    Have removed it from AD via GUI (ADUC) deletion - Check
    Cleaned up DNS - Check and double check
    Review LostandFound container in ADSI edit - Check - No objects present
    Right click Domain Name in ADUC, select Raise Domain Functional level - F A I L
    Run through NTDSUTIL Metadata cleanup steps (MS technet article) - The server object isn't there
    What am I missing here? I've gone back over DNS, searched for the computer object, rechecked ADSI LostandFound, rechecked NTDSUTIL .. I'm at a hard loss to figure out what's stopped the Functional Level upgrade.
    Any ideas?
    This topic first appeared in the Spiceworks Community

  • SCSM 2012 with 2003 domain functional level supported?

    All,
    I am running SCCM 2007. Now I need to install Service Manager 2012SP1. Domain functional level is 2003 with 2008 DC.
    will this allow me to install SCSM 2012SP1 with full features? or will it be reduced functionality?
    will there be any schema extension when I install SCSM 2012? pleas note we already have SCCM 2007 running.
    can I upgrade SCCM 2007 to SCCM 2012?  
    it would be helpful if you could share some link about whether its possible or not.
    Thanks.
    KailashC

    Thomas,
    Thanks for your response. Can I do a direct upgrade SCCM 2007 SP3 to SCCM 2012 or do I need to plan a migration? I mean fresh install SCCM 2012 and then migrate the data over ?
    Thanks.
    KailashC

  • Raising Domain Functional level

    We have 75 domain Controllers in our Org and current Domain Functional level is 2003. We have a mix setup where all versions of OS are available starting from 2003. A large no of applications are also integrated with our current Active Directory.
    My concern is, If I raise my Domain Functional level to 2008 then what are the consequences we might face in terms of accessing legacy applications.
    Please let me know the checklist which we need to follow and incase of any failure then what will be the rollback procedure.
    Looking forward for your valuable inputs. 

    Hi, 
    I agree with others. Once the Functional Level has been upgraded, new
    servers running on lower versions cannot be added
    as Domain Controllers to the domain or forest. If all the DCs in the domain is server 2008 and later version, we can raise the function level of the domain to get more advanced features.
    > If I raise my Domain Functional level to 2008 then what are the consequences we might face in terms of accessing legacy applications.
    For this question, make sure that the applications in the domain are compatible with the new functional level
    For detailed information about how to raise function level, we can refer to the following link:
    Raising the Functional Levels
    http://technet.microsoft.com/en-us/library/cc771949(v=WS.10).aspx
    Best Regards,
    Erin

  • Why domain functional level should be greater than or equal to forest FL?

    We know that domain functional level must be greater than or equal to forest functional level. Why is that so?
    My perspective is if we set FFL to windows server 2008 r2 and DFL to windows 2003, active directory recycle bin won't be available to the domain whose FL is windows 2003. Is that right?

    My perspective is if we set FFL to windows server 2008 r2 and DFL to windows 2003, active directory recycle bin won't be available to the domain whose FL is windows 2003. Is that right?
    Greetings!
    Active Directory Recycle Bin needs to be implemented in a forest with 2008 R2 forest functional level. Because it was added in 2008 R2 operating system. In order to have a 2008 R2 forest functional level you need to raise all the child domains DFL's first.
    Regards.
    Mahdi Tehrani   |  
      |  
    www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as
    and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.
    How to query members of 'Local Administrators' group in all computers?

  • Domain functional level upgraded to 2008 r2 native mode but query states 2003

    Nothing :(

    I raised the domain functional level last night to 2008 r2 native mode and after allowing everything to sync i ran the command get-addomain .domainmode and it came back ast windows2003forest. 
    I dont understand why it is showing up this way, we removed all of the 2003 domain controllers and server from our network before doing this...Any suggestions?
    This topic first appeared in the Spiceworks Community

  • Exchange Server 2003 SP2 - Forest and Domain Functional Level Limitations

    Hi All
    Bit of a legacy question and theres not much clarity out there..
    I need to confirm the highest DFL and FFL Supported by Microsoft for Exchange 2003 SP2?
    We currently have a mix of 2003 R2 and 2008 R2 domain controllers with the FFL and DFL currently set at 2003 R2.
    The plan is to move to Exchange 2010 in the very near future, so the question is do we need to wait until we upgrade to Exchange 2010 Before upgrading the DFL and FFL to 2008 R2?
    From what Ive read we will need to complete the Exchange upgrade first before moving forward with the functional level upgrades..
    Thanks in advance
    Bull

    Hi Bull,
    As Ed mentioned, Exchange server 2003 and Exchange 2010 support Windows Server 2003 domain functional level and Windows Server 2003 forest functional level, also supported in higher environment.
    More details about it, please refer to “Supported Active Directory environment” section:
    http://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx
    Note that we cannot add new DCs which are the less version of Windows Server
    cannot be added to the domain or forest. More details about
    the Impact of Upgrading the Domain or Forest Functional Level, for your reference:
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Best Regards,
    Allen Wang

  • Lync 2013 and Raising Forest/Domain Functional Level?

    My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
    Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.) We are running Lync 2013 Standard with all the latest updates.
    Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

    Hi,
    Yes, you can raise Forest and domain function level to Windows Server 2012 R2 without issue.
    After raising Forest\domain function level, the new features that rely on the functional level are generally limited to AD itself. Regardless, changing the Domain or Forest Functional Level should have no impact on an application that depends on
    Active Directory.
    More details:
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

Maybe you are looking for