DFS? Raising Forest level to 2008

I have recently upgraded my domain controllers to Server 2008R2. We currently have one 2008 R2 DFS server that was setup on the 2003 domain. Do I need to do anything to the DFS server before I raise the function level of the from 2003 to 2008?
Thank you,
Cecil

Hi Cecil,
Based on my understanding, we don’t need to do much about the DFS server before upgrading.
 I guess that our target focuses on whether we can utilize the complete DFS feature after we upgrade our domain or forest function level to Windows Server 2008.
In fact, after we upgrade our domain or forest function level to Windows Server 2008, we need to manually enable DFS-Replication and DFS-Namespace.
Regarding DFS feature, the following thread can be referred to as reference.
Windows Server 2008 R2 DFS features
http://social.technet.microsoft.com/Forums/windowsserver/en-US/30c7c282-3504-429f-83e6-b8b88f3d20a2/windows-server-2008-r2-dfs-features?forum=winserverDS
In addition, regarding DFS, the following article can also be referred to for more information.
DFS Step-by-Step Guide for Windows Server 2008
http://technet.microsoft.com/en-us/library/cc732863(v=ws.10).aspx
Best regards,
Frank Shen

Similar Messages

  • Lync 2013 and Raising Forest/Domain Functional Level?

    My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
    Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.) We are running Lync 2013 Standard with all the latest updates.
    Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

    Hi,
    Yes, you can raise Forest and domain function level to Windows Server 2012 R2 without issue.
    After raising Forest\domain function level, the new features that rely on the functional level are generally limited to AD itself. Regardless, changing the Domain or Forest Functional Level should have no impact on an application that depends on
    Active Directory.
    More details:
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

  • Credentials needed to raise domain and forest level from 2003 to 2012 R2.

    I migrated our environment from a single DC server 2003 to a single DC server 2012 R2.  I followed the migration process that is documented by Microsoft and others.
    However, I forgot to assign my account Enterprise Admin and Schema Admin before raising the domain and forest levels from 2003 to 2012 R2.  My account did have domain admin.  The GUI interface did not complain when I raised the level of the domain
    and then the forest.
    So I am thinking everything is OK.
    My question is am I going to have problems down the road with the AD environment?
    Thanks for any help or opinions.

    Using snapshot for a domain controller is not recommended, as usn rollback can occur. Allthough in server 2012 using snapshot for dc's has been improved and made 'safer', but I wouldnt use it as a backup solution.
    But back to your problem, Beaulieu, is it a single domain/single forest design? And the issue is that you have no membership in schema- and enterprise admins, but you do have an domain admin?
    Best Regards,
    Jesper Vindum, Denmark
    Systems Administrator
    Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

  • Prepare 2003 Forest/Domain for 2008 R2 or 2012 Domain Controllers

    Hi,
    I would be grateful if you could help me with this:
    We have a single Forest/Single Domain structure which is managed by 4 Windows Server 2003 Std Edition. We are now trying to add a Server 2008 R2 as a domain controller. I have followed lots of articles on MS and other website with regards to preparing the
    Forest and domain before promoting the new server and here is what I got so far:
    Schema master - Windows 2003 SE
    FFL/DFL both set to 2003
    Run Adprep32.exe (found it on 2008 R2 disc) /forestprep and the outcome was:
    lDAPDisplayName "uidNumber" defined for object "CN=VintelauidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the lDAPDisplayName value uidNumber and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    OID "1.3.6.1.1.1.1.0" defined for object CN=Vintela-uidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.0" and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    lDAPDisplayName "gidNumber" defined for object "CN=Vintela-gidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the lDAPDisplayName value gidNumber and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    OID "1.3.6.1.1.1.1.1" defined for object CN=Vintela-gidNumber,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.1" and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    lDAPDisplayName "gecos" defined for object "CN=Vintela-gecos,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the lDAPDisplayName value gecos and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    OID "1.3.6.1.1.1.1.2" defined for object CN=Vintela-gecos,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.2" and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    lDAPDisplayName "unixHomeDirectory" defined for object "CN=Vintela-homeDirectory,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the lDAPDisplayName value unixHomeDirectory and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    OID "1.3.6.1.1.1.1.3" defined for object CN=Vintela-homeDirectory,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.3" and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    lDAPDisplayName "loginShell" defined for object "CN=VintelaloginShell,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk" conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the lDAPDisplayName value loginShell and resolve this inconsistency.  Then run adprep again.
    ==============================================================================
    OID "1.3.6.1.1.1.1.4" defined for object CN=Vintela-loginShell,CN=Schema,CN=Configuration,DC=Domain,DC=co,DC=uk conflicts with the schema extensions needed for Windows Server 2008 R2.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the OID value "1.3.6.1.1.1.1.4" and resolve this inconsistency.  Then run adprep again.
    On the Schema master, run AD Schema, MMC and deactivated the object for Vintela. run the adprep32 /forestprep again and still the same result.
    Would you please advise what else can/must be done? anyone knows anything on Vintela (Quest VAS) and how to get rid of it?
    thanks for your help in advance.

    Hi,
    Thanks for your post.
    In this case, the most cause may be the OIDS are in conflict with the 2008 /forestprep. Could you please let me know if the forest functional level is 2003? If not, please raise it to 2003.
    For the information about how to raise functional level, please refer to the articles as below:
    What Are Active Directory Functional Levels?
    http://technet.microsoft.com/en-us/library/cc787290(WS.10).aspx
    Raise the Domain Functional Level
    http://technet.microsoft.com/en-us/library/cc753104.aspx
    Raise the Forest Functional Level
    http://technet.microsoft.com/en-us/library/cc730985.aspx
    What is the Impact of Upgrading the Domain or Forest Functional Level?
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Besides, for the best practice, we can back up all domain controllers’ system state for the unexpected issues. Here is one article related to backup Active Directory.
    Backing up Active Directory
    http://technet.microsoft.com/en-us/library/cc961924.aspx
    I hope this information is helpful for you. If there is anything that requires further clarification, please don’t hesitate to let me know.
    Best regards,
    Ann
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Migrating from 2003 domain/forest level to 2008R2 with all DC's at 2008R2 and 2 other Domain External and Forest Trusts

    Is there anything that needs to be done or considered when migrating from 2003 domain/forest level to 2008R2 with all DC's at 2008R2 with 2 other 2003 separate Domain incoming
    and outgoing Trusts, one Trust that is a Forest Trust and the other is an External Trust? Is there any chance or risks that doing this upgrade will break either one of these Trust relationships? Some of the user accounts with SID history have been migrated
    from both Domain Trusts to our domain. Any chance that this upgrade will break these relationships for users that are using SID history for access to folders and files in their old Domains? If so what can be done to protect these trusts and SID history, prior
    to moving the Domain to 2008R2

    Hi,   
    Based on my knowledge,
    the Upgrade of the function level do not affect the trust relationship.
    Besides, before you upgrade the Functional Level,
    verify that all DCs in the domain are, at a minimum, at the OS version to which you will raise the functional level.
    Once the Functional Level has been upgraded, new DCs on running on downlevel versions of Windows Server cannot be added to the domain or forest.
    For more information about function level, we can refer to following links:
    Understanding Active Directory Domain Services (AD DS) Functional Levels
    http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
    What is the Impact of Upgrading the Domain or Forest Functional Level?
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Best Regards,
    Erin

  • In Final Cut Pro x, Somehow my video got muted and I can't find a way to UNMUTE it! (it won't let me manually lift up or down the waveform - nor go in and raise the level of loudness) Any suggestions? (How to unmute)

    In Final Cut Pro x, Somehow my video got muted and I can't find a way to UNMUTE it!
    (it won't let me manually lift up or down the waveform - nor go in and raise the level of loudness)
    Any suggestions? (How to unmute)

    Do you know how to use the volume adjustment line?
    If so, is it not working?
    Can you post a screenshot of your audio?

  • How to check DFS replication status in windows 2008 r2 file server

    Hi,
    I have created File server DFS namespace between 2 windows 2008 R2 server. namespace mode is 2008. I have copied 3 TB data on file server 1. now it is getting replicated from file server 1 to file server 2. till now the data is not fully replicated.
    My question is how can I check the status of DFS replication? how will I come to know that the initial replication is completed.

    Scorpio. Yes you are right. Microsoft officially says it will not work. My apologies. Thanks for the correction.
    Do Ultrasound and Sonar work with DFS Replication?
    No. DFS Replication has its own set of monitoring and diagnostics tools. Ultrasound and Sonar are only capable of monitoring FRS.
    Is there a way to know the state of replication?
    Yes. There are a number of ways to monitor replication:
    DFS Replication has a management pack for System Center Operations Manager 2007 that provides proactive monitoring.
    DFS Replication has an in-box diagnostic report for the replication backlog, replication efficiency, and the number of files and folders in a given replication group.
    Dfsrdiag.exe is a command-line tool that can generate a backlog count or trigger a propagation test. Both show the state of replication. Propagation shows you if files are being replicated to all nodes. Backlog shows you how many files still need to replicate
    before two computers are in sync. The backlog count is the number of updates that a replication group member has not processed. On computers running Windows Server 2008 R2, Dfsrdiag.exe can also display the updates that DFS Replication is currently
    replicating.
    Scripts can use WMI to collect backlog information—manually or through MOM.
    Miguel Fra /
    Falcon IT Services
    Computer & Network Support, Miami, FL
    Visit our Knowledgebase and Support Sharepoint Site

  • Forest Level Trust to limited number of DC's

    I need to establish a 1-way forest level trust between 2 forests across firewalls. The source forest has a single domain with 13 domain controllers. Is it possible to limit the trust communication to only 2 domain controllers in the source
    domain or do I need to open up the required ports from the target domain controllers to all the DC's in the source forest?

    Hi,
    Based on my understanding of forest trust, if you create a one-way, forest trust between forest A (the trusted forest) and forest B (the trusting forest), members of forest A can access resources located in forest B, but members of forest B cannot access resources
    located in forest A using the same trust. There is no limitation for the number of DCs.
    In addition,for the ports used by trusts, you can refer to the link below:
    How Domain and Forest Trusts Work
    Best regards,
    Susie

  • Dirsync - does it have to be done at forest level?

    Hi,
    Scenario:
    Single Forest
    3 Domains (DomainA, DomainB, DomainC)
    Each domain has a separate Azure Tenant, the key is not to have user "bleed" between tenants thus only users in DomainA are in AzureTenantA, users in DomanB in AzureTenantB etc.  As I understand it the only way to achieve this
    is to install a DirSync server per domain but at Forest level and then apply filters to stop the sync'ing of the all the users within the entire Forest into the Azure tenants.
    Which brings me to the question in the title of this thread, does DirSync have to be done at the forest level?
    Cheers
    Rob

    Thanks for the reply Vivian.
    With a bit of testing I've got this working now. 
    I built a test Active Directory on-premise with a single root domain forest with two tree domains like so:
    The plan is to only sync the users from DomainA into AAD.
    I've installed DirSync onto the DC in DomainA and configured a service account within this domain. This service account needs adding to the Enterprise Admins group in the root forest domain.  I also had to add the account to the domain admins group
    within DomainA as well.
    On configuring DirSync I hit a "constraint violation" error, this was resolved by giving delegated access with "Replication permissions" to the service account created by DirSync (usually MSOL_xxxx) to  DomainA.  This allowed
    the configuration of DirSync to run.
    If I now run a full sync the AAD is populated with users from DomainA, DomainB and Forest.  This isn't what I wanted.....so off to DirSync FIM Synchronization service.
    In here I opened the "Active Directory Connector" within the Management Agents.  Select "Configure Connector Filter" -> "User" and add two new filters based on "UserPrincipalName" with an "Contains"
    operator for the two domain I don't need (DomainB and Forest).
    Forced a Sync and hey presto I have only DomainA users in AAD.
    Hopefully this information will be helpful to others.

  • Windows 2012 root certification authority in a 2003 Domain/ Forest level

    Hello,
    We are currently on Windows 2003 Domain & Forest Functional Level. Our Root CA is also currently on Windows 2003 DC.
    If  we have to setup a new Root/Issuing CA ( not exporting the current 2003 CA cert) on Windows 2012 R2 servers,   is it then mandatory to first upgrade Domain & Forest levels to 2012 R2 ?  Can we have  a PKI infrastructure with
    Enterprise CA's on a Windows 2012 Platform but the Domain/Forest levels  still on 2003 level ?   i understand it will be good to have everything on 2012 R2 , but can a mix of 2003 domain level  and 2012 CA  work ?

    Hi,
    Look at below tread it might help:
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/fa8cac92-0f71-426c-ac95-e89e90e1c8d1/certificate-authority-and-forestdomain-functional-level?forum=winserversecurity
    Basically the answer is yes you can have  CA on 2012 R2 and DFL/FFL still on 2003.
    Regards,
    Calin

  • Domain functional level 2003 -- 2008 and TMG 2010 (sp2 rollup 2)

    Hi,
    We want to raise our domain and forest functional level from 2003 to 2008. All DC's have been on 2008 or 2008R2 for about two years.
    I cannot find if there is any impact on TMG 2010 sp2 rollup 2. Does anyone know if this will bring any issues?
    Thanks!

    No impact. From a TMG perspective, go ahead.
    Hth, Anders Janson Enfo Zipper

  • Raise Forest and Domain

    I have four sites each with a windows 2012 R2 domain controller, one of which has all the FSMO roles and replication is successful. Currently the Domain and Forest Functional levels are all Windows server 2008 R2 and would like to raise them each respectively
    too Windows server 2012 R2.
    Here are my questions:
    Can I do this on the fly and what are the do's and dont's? There is no other domain controllers less that windows server 2012 r2.
    Thank you!

    Yes, you can do it on the fly. As long as you don't have any pre-2012 R2 DCs, then you are good to go.
    The changes introduce new functionality that more than likely *may* affect your current apps, such as 2012 R2 will no longer authenticate using NTLM authentication. But I'm sure you've already done your research on that and are ready to go. :-)
    If not, I would inventory your apps, contact the vendors to understand if they will still work, etc, just to make sure. Here are the changes introduced with the different levels:
    Understanding Active Directory Domain Services (AD DS) Functional Levels
    http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • DFS-R Top level NTFS Permissions

    Hi,
    As part of my setup, I'm trying to implement a new DFS-R share between 2x Windows 2003 R2 and 1x 2008 R2 servers
    I've been experimenting with the DFS-R, and I've found that if I try to change the NTFS partitions of the top-most folder, then these permissions are not replicated to the other duplicates on the other servers. Sub-file and sub-folder Perms are.
    I've also found that if I do modify the top-level folder, than that server stops replicating to the others - with no errors in the event logs !  Disaster !!  In my testing, all I did was add another users read access, and then that stops replication!!
    So - if I need to control the top-level perms, do they all have to be in sync and setup manually ?

    Hi Shaon,
    Sorry I had to actually setup the server on the remote site.  So no - I'm still seeing issues.
    I ran that DFSutil on serv14. I don't know why it doesn't show the ClientApps DFS replication.
    2 entries...
    Entry: \Ubiq-serv1\Users
    ShortEntry: \Ubiq-serv1\Users
    Expires in 24 seconds
    UseCount: 1 Type:0x81 ( REFERRAL_SVC DFS )
       0:[\UBIQ-SERV1\Users] AccessStatus: 0 ( ACTIVE TARGETSET )
    Entry: \ubiquisys.local\sysvol
    ShortEntry: \ubiquisys.local\sysvol
    Expires in 562 seconds
    UseCount: 0 Type:0x1 ( DFS )
       0:[\UBIQ-SERV14.ubiquisys.local\sysvol] AccessStatus: 0 ( ACTIVE TARGETSET )
       1:[\UBIQ-SERV1.ubiquisys.local\sysvol] ( TARGETSET )
       2:[\ubiq-serv9.ubiquisys.local\sysvol]
       3:[\ubiq-serv8.ubiquisys.local\sysvol]
       4:[\UBIQ-SERV10.ubiquisys.local\sysvol] ( TARGETSET )
    DfsUtil command completed successfully.
    I'm also seeing folders/files not replicate between 14 and 9.  Some do, some dont. Seems to be zero byte files causing most of the issues.

  • Raising Functional level - From 2003 to 2008R2

    Recently I have completed the AD upgrade from 2003 to 2012. Now all sites have 2012 DCs only. Next i plans to raise the functional level of both Forest and Domain from 2003 t0 2008R2.
    I want to know the things to take care before doing this upgrade.

    hi,
    if you are only using 2012 DC's that you may want to go straight to 2012 functional level. The functional level change is generally classed as low impact and simply tells AD it can use all it's additional features.
    There is no real roll back if any issues are caused during or after the change, so you need to ensure you have full backups and are aware of the forest recovery process. Make sure you have spoken to all your software vendors whose software integrates with
    AD before doing the change to ensure that it won't affect the running of this software.
    There is a very good article here from the MS Directory team on the process and the impact.
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer
    My Blog
    LinkedIn:

  • Cannot Raise Functional Level in 2003 server

    Replacing 2003 server to 2008 R2 and inorder to migrate ADDS tried to raise the domain functional level to "Windows 2003" but the raise button has been disable for to click on it.

    After executing this command i found: :
    \netdom query fsmo
    Schema Owner          DC1.domain2.net
    Domain Role Owner     DC1.domain2.net
    PDC Role              DC1.domain2.net
    RID Pool Manager      DC1.domain2.net
    Infrastructure Owner  Dc1.domain2.net
    :\\repadmin \options
    Current DC options: (none)

Maybe you are looking for