Unable to Raise domain functional level

I am installing a Server 2012 std. in a single domain. The current DC is Server 2008 std. When I try to raise the domain functional level to at least 2003 it gives me an error.
I did the save as and viewed the error message. Apparently some time in the past they had a Server 2000, and Active Directory still has the entries that are preventing the domain from being raised. I removed the old server from AD CU and restarted the server. Still will not let me raise the level, same error. Do I need to use ADSI edit and remove all the entries also? What about DNS entries?
Thank you for a rapid answer.
Wade Harris

Hi Wade,
Please refer to the following KB and check if it can help you. (Please back up before all operations. That will help us to avoid unexpected issues.)
How to remove data in Active Directory after an unsuccessful domain controller demotion
In addition, please also use the dcdiag command-line tool to verify domain controller health.
If there is any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
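
A read-only way to list every domain controller entry Active Directory still holds, including ones left behind by a removed server, before attempting the raise. This is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module (RSAT) and a target level of 2003, and `$TargetLevel` and the report column names are illustrative.

```powershell
# Added example: read-only audit of DC entries that can block a
# functional-level raise. Makes no changes to the directory.
Import-Module ActiveDirectory

# Target level as an msDS-Behavior-Version value:
# 0 = 2000, 2 = 2003, 3 = 2008, 4 = 2008 R2, 5 = 2012, 6 = 2012 R2, 7 = 2016
$TargetLevel = 2   # assumption: the 2003 goal from the question above

$LevelNames = @{ 0 = '2000'; 2 = '2003'; 3 = '2008'; 4 = '2008 R2'
                 5 = '2012'; 6 = '2012 R2'; 7 = '2016' }

$configNC = (Get-ADRootDSE).configurationNamingContext

# Domain and forest levels are separate settings; show both.
Write-Host ("Domain mode: {0}" -f (Get-ADDomain).DomainMode)
Write-Host ("Forest mode: {0}" -f (Get-ADForest).ForestMode)

# Each DC is represented by an nTDSDSA ("NTDS Settings") object in the
# Configuration partition. Searching the whole partition also returns
# objects that ended up under CN=LostAndFoundConfig and are therefore
# not visible under Sites and Services.
$dsas = Get-ADObject -SearchBase $configNC `
                     -LDAPFilter '(objectClass=nTDSDSA)' `
                     -Properties 'msDS-Behavior-Version', whenChanged

$report = foreach ($dsa in $dsas) {
    $level = $dsa.'msDS-Behavior-Version'
    if ($null -eq $level) { $level = 0 }   # unset is treated as Windows 2000
    [pscustomobject]@{
        Level       = [int]$level
        LevelName   = $LevelNames[[int]$level]
        BlocksRaise = ([int]$level -lt $TargetLevel)
        Orphaned    = ($dsa.DistinguishedName -like '*CN=LostAndFoundConfig,*')
        WhenChanged = $dsa.whenChanged
        DN          = $dsa.DistinguishedName
    }
}

# Entries with BlocksRaise = True are the ones to investigate; compare
# them with the servers that actually exist before any cleanup.
$report | Sort-Object Level | Format-Table -AutoSize -Wrap
```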

Similar Messages

  • Raise domain functional level

    Hi All,
      What all that need to be considered before raising domain / forest functional level.

    Hi channavera,
    Some items that you want to consider are what OS are you running for all your DC's in the domain/forest. This is important, since you have to have a certain level for the functional level. For example, if you want to raise up to functional level of 2012, you will need to make sure any DC's running 2008 or lower are upgraded before you do so. Raising the functional level will change up the schema for the domain, making it incompatible with the lower OS's. If you are going to continue to run 2008 server in the domain/forest, you will want to only raise the functional level to 2008. Also, keep in mind, you cannot go to a lower functional level (i.e. if you go to 2012, you cannot go back to 2008) except under very specific circumstances.
    I know what I brought up is not the only consideration, but a big one, as it basically determines what functional level you want to use for the domain/forest.
    Also, this technet site goes over what changes for each level. Understanding AD Functional levels

  • Raising Domain Functional level

    We have 75 domain Controllers in our Org and current Domain Functional level is 2003. We have a mix setup where all versions of OS are available starting from 2003. A large no of applications are also integrated with our current Active Directory.
    My concern is, If I raise my Domain Functional level to 2008 then what are the consequences we might face in terms of accessing legacy applications.
    Please let me know the checklist which we need to follow and, in case of any failure, what the rollback procedure will be.
    Looking forward for your valuable inputs. 

    Hi, 
    I agree with others. Once the Functional Level has been upgraded, new servers running on lower versions cannot be added as Domain Controllers to the domain or forest. If all the DCs in the domain are Server 2008 or a later version, we can raise the function level of the domain to get more advanced features.
    > If I raise my Domain Functional level to 2008 then what are the consequences we might face in terms of accessing legacy applications.
    For this question, make sure that the applications in the domain are compatible with the new functional level.
    For detailed information about how to raise function level, we can refer to the following link:
    Raising the Functional Levels
    http://technet.microsoft.com/en-us/library/cc771949(v=WS.10).aspx
    Best Regards,
    Erin

  • Lingering 2003 DC causing Domain Functional Level Upgrade fail

    Got that one too :(
    I can't find hide nor hair of this darn beast anywhere

    Have a DEAD 2003 DC - check
    Have removed it from AD via GUI (ADUC) deletion - Check
    Cleaned up DNS - Check and double check
    Review LostandFound container in ADSI edit - Check - No objects present
    Right click Domain Name in ADUC, select Raise Domain Functional level - F A I L
    Run through NTDSUTIL Metadata cleanup steps (MS technet article) - The server object isn't there
    What am I missing here? I've gone back over DNS, searched for the computer object, rechecked ADSI LostandFound, rechecked NTDSUTIL .. I'm at a hard loss to figure out what's stopped the Functional Level upgrade.
    Any ideas?

  • Raising the functional level on a large forest/domain with a DC offline?

    Hello All
    I've done what research that I can and haven't been able to find a definitive answer outside of people purposely taking a DC offline while raising the functional level of a forest in case they need to do an authoritative restore, but I have a bit of a different situation and I just need to confirm something.
    I have to perform the task on a very large AD infrastructure that includes 90+ domain controllers globally and I've run into a scheduling conflict that is out of my control. One of the locations overseas will be going through some maintenance during
    my time window when I will be raising the functional level of the forest and domain.
    The question is, what happens to the DC that is offline during this period? Once it is restarted, do the changes replicate to that DC, or do I need to perform the task in place for that DC? If anyone has any links or instructions on how to bring a DC online
    after the functional level of both the forest and domain have been raised, please let me know.

    The DC can be offline and it won't be an issue. When it comes back online the changes should replicate to it. Just don't keep it offline longer than the tombstonelifetime.
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.

  • Raising Domain Functional / Forest Functional Levels

    Hi guys,
    I've upgraded my AD servers to Windows 2012 and have removed all the Windows 2003 servers in my network.
    However, I wish to implement fine grained password policy. However, my Forest and Domain Functional levels are still at 2003. The minimum requirement for fine grained password policy states that the domain functional level must be set to
    Windows Server 2008 or higher.
    How do I go about raising the Forest / Domain functional level? Which functional level should I raise first (the forest or domain)? Will there be any downtime and implications if I were to perform the raise?
    Thanks guys!!

    There will be no downtime when raising your Domain Functional Level or Forest Functional Level.
    All you need to know is that by raising your DFL to Windows Server 2008 or higher, you will not be able to set it back to Windows Server 2003 without a recovery from backup (This is not a reversible operation without restore). Also, you will need to have
    DCs that are running OSs with the same level as your DFL or higher.
    If you are not planning to add DCs that are running OSs lower than Windows Server 2012 then simply raise your DFL and FFL to Windows Server 2012. FYI, as long as you have not enabled AD recycle Bin, you can downgrade the DFL and FFL to Windows Server 2008.
    More about the benefits you can take by raising your DFL and FFL here: https://technet.microsoft.com/en-gb/library/understanding-active-directory-functional-levels(v=ws.10).aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Lync 2013 and Raising Forest/Domain Functional Level?

    My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
    Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.) We are running Lync 2013 Standard with all the latest updates.
    Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

    Hi,
    Yes, you can raise Forest and domain function level to Windows Server 2012 R2 without issue.
    After raising Forest\domain function level, the new features that rely on the functional level are generally limited to AD itself. Regardless, changing the Domain or Forest Functional Level should have no impact on an application that depends on
    Active Directory.
    More details:
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • What is the effect if I Raise my domain functional level to Windows Server 2012 R2 ?

    Hi,
    my current servers:
    Domain Controllers= Windows Server 2012 R2 (current domain functional level is windows 2008 R2)
    Mail servers= Exchange 2010 SP3 on Windows 2008 R2
    Lync= Lync 2010 on Windows server 2008 R2
    What is the effect if I Raise my domain functional level to Windows Server 2012 R2 ?
    I am very worried about Exchange & Lync if we do this action
    Please advise.

    Do not raise the forest functional level higher if you have or will have any domain controllers running an earlier version of Windows Server, which is (Windows NT 4.0, Windows 2000 or Windows 2003), but as a matter of fact I don't see any of those in your network, so you can easily upgrade the functional level without any issues.
    The link listed below has the table which shows the effects of upgrading the domain functional levels to Windows 2012:
    http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels
    http://www.arabitpro.com

  • Domain Functional Level: 2008 R2 to 2012 R2

    My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
    Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.)
    Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

    You can easily upgrade the functional level without any issues since you have all the Domain Controllers on Win server 2008R2.
    http://support2.microsoft.com/kb/2869728/en-us
    For more details: the link listed below has the table which shows the effects of upgrading the domain functional levels to Windows 2012
    http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels
    pankaj(MCT)

  • AD FS Across Differing Domain Functional Levels

    My customer needs to implement AD FS for single sign on due to a cloud based email solution they recently implemented. The problem is, their domain controllers are Server 2003 (non-R2) at a functional level of 2003 mixed mode. They should be able to raise
    to 2003 native if necessary however. Their solution is to create a new 2008 domain and implement a two-way trust, running AD FS in the new domain serving the clients in the 2003 domain.  This way should be quicker than upgrading their current domain
    which would be a rather large project due to their size and complexity. 
    Are there any gotcha's I should know about with doing it this way?  I have verified that we can create the two-way trust between domains of these functional levels, and AD FS can service clients in a trusted domain, but I am not entirely sure if AD
    FS will care that the trusted domain is 2003 non-R2.  Can anyone confirm if this will be a feasible scenario? 
    Thanks very much!!
    Wraith

    Hi Wraith,
    In addition, if you are not using Windows Server 2012 or above as ADFS server, you will be fine with Windows 2003 mixed mode.
    “Since ADFS does not require Active Directory functional-level modifications to operate successfully. However, if you are using Windows NT token–based applications and you want a token to be generated using Kerberos Service-for-User (S4U), the domain functional level must be Windows 2000 native or Windows Server 2003”, quoted from the article below:
    Appendix A: Reviewing ADFS Requirements
    http://technet.microsoft.com/en-us/library/cc778681(v=WS.10).aspx
    More information for you:
    ADFS and Domain Functional Level
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/5cc0e898-eae2-46ce-8491-5ccf61380423/adfs-and-domain-functional-level?forum=winserverDS
    ADFS requirements
    http://technet.microsoft.com/en-us/library/cc727972(v=WS.10).aspx
    Best Regards,
    Amy

  • Cannot Replicate after upgrading domain functional level

    Hello, 
    Parent and child domain. Parent domain (forest) still in domain functional level 2003. However, the child domain I just updated to domain functional level 2008 R2. Now replication is not working. I believe the issue is DNS, but I do not know what could be different, the names have not changed? This is a two-way transitive trust between domains.
    Frequent messages from dcdiag dns are:
    no DNS RPC connectivity (although I have tried restarting dcom, netbios and frs)
    Also in Event Viewer many 13508 errors.
    Any help is greatly appreciated thank you.

    Have you restarted the DCs after you raised the functional level? The password of the krbtgt account is reset when the DFL is raised from 2003 -> and sometimes the DCs need to be restarted for the authentication to succeed up to the root.
    If you run dcdiag /test:dns /E from a Windows Server 2008 R2 DC, does it report any errors?
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

  • Error Domain functional level

    Hi, I have that error in my Domain Controller. Install Windows Server 2012 R2, and I want to raise the functional level.
    This Domain Controller no longer exists, but is within the domain.
    To update the domain functional level, the Active Directory Domain Controllers in the domain must be running the appropriate version of windows.
    domain Name
    xxxxxx.local
    Current domain functional level
    Windows Server 2008
    The following Active Directory Domain Controllers are running earlier versions of windows:
    domain Name    AD DC    Version of Windows
    xxxxxxx.local    server.xxxxxx.local    Windows Server® 2008 Standard 6.0 (6001)
    What can I do?

    it might be in the "LostAndFoundConfig" container in the Configuration partition.
    Something like this should be logged:
    Event Type: Warning
    Event Source: NTDS General
    Event Category: Directory Access
    Event ID: 1723
    Date: 6/4/2005
    Time: 7:39:52 AM
    User: NTDEV\A1ADCH
    Computer: NTDEV-DC-07
    Description:
    Active Directory failed to raise the functional level of the domain or forest
    because the following domain controller is at a lower functional level.
    Object (forest or domain):
    DC=ntdev,dc=corp,DC=microsoft,DC=com
    NTDS Settings object of domain controller:
    CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=ntdev,DC=corp,DC=com
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Delete the 'NTDSA' object from the "LostAndFoundConfig" container using ADSIEdit.
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

  • Why domain functional level should be greater than or equal to forest FL?

    We know that domain functional level must be greater than or equal to forest functional level. Why is that so?
    My perspective is if we set FFL to windows server 2008 r2 and DFL to windows 2003, active directory recycle bin won't be available to the domain whose FL is windows 2003. Is that right?

    My perspective is if we set FFL to windows server 2008 r2 and DFL to windows 2003, active directory recycle bin won't be available to the domain whose FL is windows 2003. Is that right?
    Greetings!
    Active Directory Recycle Bin needs to be implemented in a forest with 2008 R2 forest functional level. Because it was added in 2008 R2 operating system. In order to have a 2008 R2 forest functional level you need to raise all the child domains DFL's first.
    Regards.
    Mahdi Tehrani | www.mahditehrani.ir
    This posting is provided AS-IS with no warranties, and confers no rights.

  • Domain functional level upgraded to 2008 r2 native mode but query states 2003

    Nothing :(

    I raised the domain functional level last night to 2008 r2 native mode and after allowing everything to sync I ran the command get-addomain .domainmode and it came back as windows2003forest.
    I don't understand why it is showing up this way, we removed all of the 2003 domain controllers and servers from our network before doing this... Any suggestions?

  • Hyper-v 2012 R2 Live migration issue in 2003 Domain function Level

    hi Team ,
    I recently built a 2012 R2 Hyper-V cluster with three nodes. Everything is working fine without any issue. The cluster is also working fine. Later I came across one issue when I tried to live migrate a virtual machine from one host to another. It failed all the time while quick migration is working. I have gone through a few articles and found it is a known issue with Hyper-V 2012 R2 where the domain functional level is set to 2003. Although they have provided a hotfix, there is no solution.
    http://support.microsoft.com/kb/2838043
    Please let me know if anyone has faced a similar issue and was able to resolve it with any hotfix. My hosts are updated.
    Thanks
    Ravindra
    Ravi

    Hi Ravi1987,
    The KB2838043 is applied for Server 2012 nodes. Could you offer us the related cluster error event ID, or you can refer to the following article to check whether your cluster network binding order is correct or not.
    Configuring Windows Failover Cluster Networks
    http://blogs.technet.com/b/askcore/archive/2014/02/20/configuring-windows-failover-cluster-networks.aspx
    You can try to install recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters first, then monitor this issue again.
    The KB download:
    Recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters
    http://support.microsoft.com/kb/2920151
    More information:
    Windows Server 2008 R2 Live Migration – “The devil may be in the networking details.”
    http://blogs.technet.com/b/askcore/archive/2009/12/10/windows-server-2008-r2-live-migration-the-devil-may-be-in-the-networking-details.aspx
    I’m glad to be of help to you!
