2003 forest/domain level

I am currently looking at upgrading our domain from 2003 to 2012.  I currently have 4 domain controllers spread out and all replication is healthy.  I have two 2003 domain controllers and two 2008 R2 domain controllers.  I need to know what is the best practice for promoting a 2012r2 server to a DC and would that cause log on issues?
I've read some articles online that state all the current domain controllers should be fully updated before bringing in a 2012 domain controller.  Can someone point me in the right direction?  Are there articles I can read regarding this?
Thank you

Hi CRMNoon,
If you want to have a 2012 forest and domain level you need to have 2012 DC's only.
Make sure your domain is healthy. Then when promoting a server 2012 R2 to a DC, you need to consider the current environment and which domain controllers are for the FSMO roles placement.
http://community.spiceworks.com/how_to/57636-migrate-active-directory-from-server-2003-to-server-2012-r2
Here is the link for Active Directory Migration from Windows Server 2003 to Windows Server 2012 R2:
http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
Known issues for upgrading Domain Controllers to Windows Server 2012 R2
https://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_KnownIssues

Similar Messages

  • Windows 2008 R2 domain controllers with Windows 2003 forest functional level Supported after Windows 2003 support ends in July 2015

    Hi
    Anyone knows whether Windows 2008 R2 domain controllers with Windows 2003 forest functional level will still be Supported after Windows 2003 support ends in July 2015 ?
    Thanks

    When Windows Server 2003 support ends, you should not have a Windows Server 2003 Domain Controller running if you would like to be supported by Microsoft. This means that there will be no reason to have a DFL or FFL that is lower than Windows Server 2008.
    So, if you are keeping Windows Server 2003 FFL to keep DCs running Windows Server 2003 then this is not supported.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Existing 2003 forest functional level -- 2012 forest functional level in production environment?

    Hello experts!  
    A quick question if it can be one:
    Is it possible to raise a forest functional level from 2003 to 2012 in a production environment (only 2003 DCs with existing roles to only 2012 DCs)?  If so, is there a standard implementation of the upgrade process (migration of roles, migration tools, etc.)?
    many thanks!
    David

    hi,
    Thanks for posting. 
    Sorry, I don't know if I am understanding your question. Are you talking about upgrading your DCs in your current forest to 2012 then raising the functional level?
    If so, first of all you can only raise the forest and domain functional levels when all DCs in the forest and domain are at 2012 or higher.
    To get your domain onto 2012 DCs there are a couple of paths you can adopt, but generally the simplest is:
    1. Introduce your first 2012 / 2012 R2 DC into your existing domain; this will extend the schema with the additional attributes that are required for 2012 - this is an automatic process during promotion of your first 2012 DC.
    2. Go through and start replacing your existing domain controllers. You don't normally do an in-place upgrade; the preferred method would be to use different hardware, build up the new DC to replace your existing one, then demote the existing one - keep going through this process until all your DCs are 2012.
    NB: whichever DC(s) currently hold the FSMO roles, you will need to transfer these to one of your new 2012 DCs before you decommission that one.
    If I've got what you were asking wrong, please let me know; otherwise hopefully this helps.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer
    Blog: http://www.windows-support.co.uk 

  • Prepare 2003 Forest/Domain for 2008 R2 or 2012 Domain Controllers

    Hi,
    I would be grateful if you could help me with this:
    We have a single Forest/Single Domain structure which is managed by 4 Windows Server 2003 Std Edition. We are now trying to add a Server 2008 R2 as a domain controller. I have followed lots of articles on MS and other websites with regards to preparing the Forest and domain before promoting the new server and here is what I got so far:
    Schema master - Windows 2003 SE
    FFL/DFL both set to 2003
    Run Adprep32.exe (found it on 2008 R2 disc) /forestprep and the outcome was:
    lDAPDisplayName "uidNumber" defined for object "CN=VintelauidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the lDAPDisplayName value uidNumber and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    OID "1.3.6.1.1.1.1.0" defined for object CN=Vintela-uidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.0" and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    lDAPDisplayName "gidNumber" defined for object "CN=Vintela-gidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the lDAPDisplayName value gidNumber and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    OID "1.3.6.1.1.1.1.1" defined for object CN=Vintela-gidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.1" and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    lDAPDisplayName "gecos" defined for object "CN=Vintela-gecos,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the lDAPDisplayName value gecos and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    OID "1.3.6.1.1.1.1.2" defined for object CN=Vintela-gecos,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.2" and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    lDAPDisplayName "unixHomeDirectory" defined for object "CN=Vintela-homeDirectory,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the lDAPDisplayName value unixHomeDirectory and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    OID "1.3.6.1.1.1.1.3" defined for object CN=Vintela-homeDirectory,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.3" and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    lDAPDisplayName "loginShell" defined for object "CN=VintelaloginShell,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the lDAPDisplayName value loginShell and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    OID "1.3.6.1.1.1.1.4" defined for object CN=Vintela-loginShell,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.4" and resolve this inconsistency.  Then run adprep again.
    On the Schema master, run AD Schema, MMC and deactivated the object for Vintela. run the adprep32 /forestprep again and still the same result.
    Would you please advise what else can/must be done? anyone knows anything on Vintela (Quest VAS) and how to get rid of it?
    thanks for your help in advance.

    Hi,
    Thanks for your post.
    In this case, the most likely cause may be that the OIDs are in conflict with the 2008 /forestprep. Could you please let me know if the forest functional level is 2003? If not, please raise it to 2003.
    For the information about how to raise functional level, please refer to the articles as below:
    What Are Active Directory Functional Levels?
    http://technet.microsoft.com/en-us/library/cc787290(WS.10).aspx
    Raise the Domain Functional Level
    http://technet.microsoft.com/en-us/library/cc753104.aspx
    Raise the Forest Functional Level
    http://technet.microsoft.com/en-us/library/cc730985.aspx
    What is the Impact of Upgrading the Domain or Forest Functional Level?
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Besides, for the best practice, we can back up all domain controllers’ system state for the unexpected issues. Here is one article related to backup Active Directory.
    Backing up Active Directory
    http://technet.microsoft.com/en-us/library/cc961924.aspx
    I hope this information is helpful for you. If there is anything that requires further clarification, please don’t hesitate to let me know.
    Best regards,
    Ann
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Things to be considered before AD - domain and forest functional level upgrade (win 2003 to 2008 R2)

    Hi
    Recently we introduced Windows 2008 R2 DCs and decommissioned old Windows 2003 domain controllers. Since we are not sure about the application compatibility (both MS and 3rd party), many times we postponed the plan to upgrade the DFL and FFLs. We found Jonathan's blog (http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx), which clearly says the upgrade won't affect any applications. But just to confirm this with the experts we are posting this concern once again. We have Exchange 2010 / SharePoint / SQL / SAP etc. (also 2 x Windows 2000 servers).
    Please let us know from your real experience in a production environment how an upgrade from 2003 to 2008 R2 (we believe we are able to upgrade both FFL and DFLs from Win 2003 to Win 2008 R2) affects existing applications.
    Thanks in advance
    LMS

    I might be able to help with Exchange. What service pack?
    Most likely, there should be no problem. The Exchange compatibility matrix shows that (with SP2 and SP3) it is compatible with Windows 2008 R2 domain controllers and 2008 R2 domain and forest functional levels.
    I'm *working on* an Exchange 2010 migration but if you want someone who *has* such a combination (2008 R2 DFL/FFL and Exchange 2010), you could ask in the Exchange forum.
    I'm sure, though, that such a combination is actually quite common.
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  • The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher.

    Dear Support Team,
    I am having the error ''The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher'' from Lync 2013 during the schema master prepare on Windows Server 2008 R2, and my forest functional level is 2008 R2. Can you help me please?

    Dear Support Team,
    In my network there are one forest and two domain controllers (primary and secondary). My domain functional level is Windows Server 2008 R2, but I am still receiving the error. When I hit the run button for schema prepare it says:
    ServerSchemaPrepareTask execution failed on an unrecoverable error.
    and when I open the log it says:
    Error: The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher.
    kindly help me

  • Domain / Forest functional levels

    I've done some research but really need someone to tell me I've got this right in my head...
    I've got 2 domains in the forest, the forest functional level is 2003. Here's the setup:
    domain1.local
    root domain
    2 DCs running W2K8R2
    DFL - 2003
    domain2.local
    1 DC running W2012R2
    1 DC running W2K3 (soon to be retired)
    DFL - 2003
    Can I upgrade the DFL of domain1 to 2008R2?
    Can I upgrade the FFL to 2008R2 while maintaining trust?
    Do the domain and forest functional levels have to match?
    Thanks in advance for any answers!

    > Can I upgrade the DFL of domain1 to 2008R2?
    Yes.
    > Can I upgrade the FFL to 2008R2 while maintaining trust?
    Yes.
    > Do the domain and forest functional levels have to match?
    No.
    Martin

  • Raising Domain Functional / Forest Functional Levels

    Hi guys,
    I've upgraded my AD servers to Windows 2012 and have removed all the Windows 2003 servers in my network.
    However, I wish to implement fine grained password policy. However, my Forest and Domain Functional levels are still at 2003. The minimum requirement for fine grained password policy states that the domain functional level must be set to Windows Server 2008 or higher.
    How do I go about raising the Forest / Domain functional level? Which functional level should I raise first (the forest or domain)? Will there be any downtime and implications if I were to perform the raise?
    Thanks guys!!

    There will be no downtime when raising your Domain Functional Level or Forest Functional Level.
    All you need to know is that by raising your DFL to Windows Server 2008 or higher, you will not be able to set it back to Windows Server 2003 without a recovery from backup (this is not a reversible operation without restore). Also, you will need to have DCs that are running OSs with the same level as your DFL or higher.
    If you are not planning to add DCs that are running OSs lower than Windows Server 2012 then simply raise your DFL and FFL to Windows Server 2012. FYI, as long as you have not enabled AD recycle Bin, you can downgrade the DFL and FFL to Windows Server 2008.
    More about the benefits you can take by raising your DFL and FFL here: https://technet.microsoft.com/en-gb/library/understanding-active-directory-functional-levels(v=ws.10).aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
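
An added example, not code from any poster on this page: a pre-flight report for the rule stated in Denis Cooper's replacement procedure and in the answer above (every DC must run an OS at or above the target level, and FSMO roles must leave a DC before it is demoted), ending in a `-WhatIf` preview of the raise. It assumes the ActiveDirectory PowerShell module and a DC running AD Web Services; the function names, the OS-to-level mapping and `NEWDC01` are illustrative.

```powershell
#Requires -Modules ActiveDirectory
# Added example; function names, the target level and NEWDC01 are assumptions.

# Functional levels discussed on this page, lowest to highest.
$LevelOrder = 'Windows2003','Windows2008','Windows2008R2','Windows2012','Windows2012R2'

# Map a DC's OperatingSystem string to the highest level that OS can host.
function Get-MaxLevelForOS {
    param([string]$OperatingSystem)
    switch -Regex ($OperatingSystem) {
        '2012 R2' { return 'Windows2012R2' }
        '2012'    { return 'Windows2012' }
        '2008 R2' { return 'Windows2008R2' }
        '2008'    { return 'Windows2008' }
        '2003'    { return 'Windows2003' }
        default   { return $null }   # unrecognised OS string: review by hand
    }
}

# One row per DC in every domain of the forest; read-only.
function Get-FunctionalLevelReadiness {
    param(
        [ValidateSet('Windows2003','Windows2008','Windows2008R2','Windows2012','Windows2012R2')]
        [string]$TargetLevel = 'Windows2012R2'
    )
    $forest = Get-ADForest
    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Server $domainName
        foreach ($dc in (Get-ADDomainController -Filter * -Server $domainName)) {
            $max = Get-MaxLevelForOS $dc.OperatingSystem
            # A DC blocks the raise if its OS cannot host the target level.
            $tooOld = ($null -eq $max) -or
                ([array]::IndexOf($LevelOrder, $max) -lt [array]::IndexOf($LevelOrder, $TargetLevel))
            [pscustomobject]@{
                Domain     = $domainName
                DC         = $dc.HostName
                OS         = $dc.OperatingSystem
                FsmoRoles  = $dc.OperationMasterRoles -join ', '
                DomainMode = $domain.DomainMode
                ForestMode = $forest.ForestMode
                Blocks     = $tooOld
            }
        }
    }
}

$target = 'Windows2012'
$report = @(Get-FunctionalLevelReadiness -TargetLevel $target)
$report | Format-Table -AutoSize

$blockers = @($report | Where-Object { $_.Blocks })
if ($blockers.Count -gt 0) {
    foreach ($b in $blockers) {
        if ($b.FsmoRoles) {
            Write-Warning "$($b.DC) ($($b.OS)) still holds: $($b.FsmoRoles). Transfer before demoting."
        } else {
            Write-Warning "$($b.DC) ($($b.OS)) must be replaced or demoted before the raise."
        }
    }
    # Role transfer to a replacement DC (placeholder name), previewed only:
    # Move-ADDirectoryServerOperationMasterRole -Identity 'NEWDC01' `
    #     -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster -WhatIf
} else {
    # No blockers. Take system-state backups first, then drop -WhatIf to apply.
    # Domains go first so the forest level never exceeds a domain's level.
    $forest = Get-ADForest
    foreach ($d in $forest.Domains) {
        Set-ADDomainMode -Identity $d -Server $d -DomainMode "${target}Domain" -WhatIf
    }
    Set-ADForestMode -Identity $forest.Name -ForestMode "${target}Forest" -WhatIf
}
```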

  • Which domain and forest functional level is supportted for the "Active Directory Resource Pool Synchronization"?

    Hi all,
    I'd like to confirm which Domain/Forest functional levels of Active Directory is supported for "Active Directory Resource Pool Synchronization" in Project Server 2013.
    I guess that 2003 or later is supported, but my customer required reliable sources.
    I googled and searched article at TechNet, but I couldn't find.
    Could anyone inform me the article about that?
    Thank you in advance.
    Kaori.

    Hi Michael and all,
    Anyway I solved this issue.
    I couldn't find article that I desired, so I asked advice to my colleagues and they told that the functional level 2003 or later are supported in their experience.
    In addition, I found these articles about SharePoint sync limitations.
    Members of the domain local group cannot view a Microsoft Office SharePoint Server 2007 Web site
    http://support.microsoft.com/kb/932378/en-us
    SharePoint supportability of Read only Domain controllers
    http://support.microsoft.com/kb/970612

  • Constrained Delegation for MBAM Web User with 2003 Domain Level?

    Hi,
    I installed MBAM 2.5 in our environment and have now stopped at the point where I should configure constrained delegation for the MBAM web application pool account. I cannot find the Delegation tab in the user properties within Active Directory. Our domain is (unfortunately) still running Windows Server 2003 Domain Level. Is it maybe related to this? Within my test environment (Domain Level 2012 R2) it is working fine.
    Is there any other chance to configure constrained delegation in my situation?
    Thanks
    Stefan

    I found an older MSDN blog post that may help in this situation. It states that the delegation tab does not show up until there is at least one value set in the servicePrincipalName attribute.
    Delegation tab in ADUC not available until a SPN is set
    Hope this helps,
    David
    MDOP on the Springboard Series on TechNet
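
An added example, not from the blog post David mentions or from MBAM's documentation: it reads the attributes behind the Delegation tab for a service account, so a missing SPN or an unconstrained-delegation flag is visible without the GUI. It assumes the ActiveDirectory PowerShell module and a DC running AD Web Services; the account name `svc-mbam-web` and both SPN values are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example; the account name and SPN values below are placeholders.

function Get-DelegationState {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $props = 'servicePrincipalName', 'msDS-AllowedToDelegateTo',
             'TrustedForDelegation', 'TrustedToAuthForDelegation'
    $u = Get-ADUser -Identity $SamAccountName -Properties $props
    # Drop nulls so an unset attribute counts as zero entries.
    $spns    = @($u.servicePrincipalName | Where-Object { $_ })
    $targets = @($u.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    [pscustomobject]@{
        Account            = $u.SamAccountName
        SPNs               = $spns
        HasSpn             = $spns.Count -gt 0   # per the post: no SPN, no Delegation tab
        Unconstrained      = [bool]$u.TrustedForDelegation
        ProtocolTransition = [bool]$u.TrustedToAuthForDelegation
        ConstrainedTargets = $targets            # services this account may delegate to
    }
}

$account = 'svc-mbam-web'
$state = Get-DelegationState -SamAccountName $account
$state | Format-List

if (-not $state.HasSpn) {
    Write-Warning "$account has no servicePrincipalName; register one before configuring delegation."
    # Preview only; replace the placeholder SPN with the one your deployment uses:
    # Set-ADUser -Identity $account -ServicePrincipalNames @{ Add = 'HTTP/mbam.example.test' } -WhatIf
}
if ($state.Unconstrained) {
    Write-Warning "$account is trusted for unconstrained delegation; the setup step asks for constrained delegation."
}
if ($state.HasSpn -and $state.ConstrainedTargets.Count -eq 0) {
    Write-Warning "$account has an SPN but no constrained delegation targets yet."
    # Preview only; the target SPN is a placeholder:
    # Set-ADUser -Identity $account -Add @{ 'msDS-AllowedToDelegateTo' = 'HTTP/target.example.test' } -WhatIf
}
```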

  • Lync 2013 and Raising Forest/Domain Functional Level?

    My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
    Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.) We are running Lync 2013 Standard with all the latest updates.
    Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

    Hi,
    Yes, you can raise Forest and domain function level to Windows Server 2012 R2 without issue.
    After raising Forest\domain function level, the new features that rely on the functional level are generally limited to AD itself. Regardless, changing the Domain or Forest Functional Level should have no impact on an application that depends on Active Directory.
    More details:
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Active Directory Cross Forest Domain Migration

    Dear All,
    We are in the process to rebuild new Active Directory infrastructure. Multiple single forest domains in organization which needs to be consolidated/migrated on single Active Directory Domain. For this consolidation, have some queries to be addressed before going to start consolidation.
    What is the best practices and what tool should we use for domain migration/consolidation
    Active directory is on Windows 2003, forest and domain level is on Windows 2003, this will support to Windows 2012 R2 forest and domain functional level, will be migrated directly from windows 2003 to windows 2012?
    When move users to new domain, how will they access the other resources on the network. For e.g. Printer, File server, local web base application
    After moving some computers to new domain would be possible to access remaining computers on old domain?
    How the file server data will be moved? Best practices with NTFS folder permissions and users rights?
    Is there any policy to register network printers on new Active Directory domain?
    How users would be access web base application on new domain as their FQDN would be define with old domain name? Any option to change old domain FQDN with new domain that would be describe with any URL link?
    Kindly give your valuable input to meet the desire result.
    Thanks in Advance.

    Dear Lucky,
    Yes, you can migrate contents from multiple forest domains. Using ADMT (Active Directory Migration Tool) is the best way to migrate AD content. But you can't migrate from Windows Server 2003 to Windows Server 2012 R2, because Windows Server 2012 R2 doesn't have supportability for Windows Server 2003. And not only users: you can also migrate all other info (i.e. computer object info, groups info, Exchange mailbox info, security info). You can migrate users phase by phase, meaning people who are in the old domain can access the old domain and new users are in the new domain. For more info please follow the given link:
    http://technet.microsoft.com/en-us/library/cc974332(v=WS.10).aspx
    Mithun Dey Web: http://cloudmithun.wordpress.com If this may give your necessary resolution please mark it as Answer.

  • Raise the Forest functional level

    I am running one Domain Controller on Windows Server 2012 R2 DataCenter.  Right now both the forest functional level and the domain functional level is at Server 2003.  I want to raise both the forest functional level and the domain functional level to Server 2008 R2.
    Question:  Do I need to update the Schema before I try to Raise the forest functional level or before I try to Raise the domain functional level?
    Question: Once I Raise both the forest functional level to Server 2008 R2 it is best to not move past that point to Server 2012 R2. I only have one Domain Controller in the domain?  
    Van R. Johnson

    > Question:  Do I need to update the Schema before I try to Raise the forest functional level or before I try to Raise the domain functional level?
    No, the schema is already updated.
    > Question: Once I Raise both the forest functional level to Server 2008 R2 it is best to not move past that point to Server 2012 R2. I only have one Domain Controller in the domain?
    By raising your DFL and FFL to Windows Server 2008 R2, you will no longer be able to have a DC running an OS that is lower than Windows Server 2008 R2 (You can lower that to Windows Server 2008 as long as AD Recycle Bin is not enabled). As this is the only DC within your domain / forest then simply raise the DFL and FFL to Windows Server 2012 R2 (You can lower it later if required) and that way you can take full advantage of what is mentioned here: https://technet.microsoft.com/en-gb/library/understanding-active-directory-functional-levels(v=ws.10).aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Domain Level and Backup AD as VM?

    We're currently running Windows 2012 R2 Essentials (25 users license default) as the DC.  We're thinking to have the 2008R2 as the secondary (backup) DC.  Questions are:
    1. We have AD recycle bin enable, would it cause any issues lower the domain level to 2008R2?
    2. Can 2008R2 run as a VM on a Hyper-V (the host is 2008R2 and part of the domain, but not DC)?
    Thank you,

    Yes, you can run a VM and promote it as a Domain Controller; however, if your domain / forest functional level is set to Windows Server 2012 then you cannot have a Windows Server 2008 R2 as a Domain Controller. For this you need to have Windows Server 2008 R2 domain functional level.
    Domain Functional Level and Forest Functional Level cannot be downgraded. If it's already set to Server 2012 functional level then you cannot downgrade it to 2008 R2. Please go ahead and check what your Forest & Domain functional level is.
    https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
    https://msdn.microsoft.com/en-us/library/cc753104.aspx
    https://msdn.microsoft.com/en-us/library/cc730985.aspx
    Nirmal Madhawa Thewarathanthri
    Sorry but you are wrong.  I just lowered the levels to 2008R2.

  • Domain Level

    What domain level does the domain need to be for you to be able to sign in with a domain account on a Windows Technical Preview for Enterprise pc?  I installed Windows technical preview for enterprise on a pc and joined it to our domain which is 2003. 
    When I log onto the pc it doesn't create a profile, it only creates a Temp profile.

    Yes, we have Windows Small Business Server 2003 and the domain level is set to 2003.  So after joining the Windows Technical Preview for Enterprise PC to the domain it only creates a temp profile not a legit user profile. 
