Domain / Forest functional levels

I've done some research but really need someone to tell me I've got this right in my head...
I've got 2 domains in the forest, the forest functional level is 2003. Here's the setup:
domain1.local
root domain
2 DCs running W2K8R2
DFL - 2003
domain2.local
1 DC running W2012R2
1 DC running W2K3 (soon to be retired)
DFL - 2003
Can I upgrade the DFL of domain1 to 2008R2?
Can I upgrade the FFL to 2008R2 while maintaining trust?
Do the domain and forest functional levels have to match?
Thanks in advance for any answers!

> Can I upgrade the DFL of domain1 to 2008R2?
Yes.
> Can I upgrade the FFL to 2008R2 while maintaining trust?
Yes.
> Do the domain and forest functional levels have to match?
No.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))

Similar Messages

  • Which domain and forest functional level is supportted for the "Active Directory Resource Pool Synchronization"?

    Hi all,
    I'd like to confirm which Domain/Forest functional levels of Active Directory is supported for "Active Directory Resource Pool Synchronization" in Project Server 2013.
    I guess that 2003 or later is supported, but my customer required reliable sources.
    I googled and searched article at TechNet, but I couldn't find.
    Could anyone inform me the article about that?
    Thank you in advance.
    Kaori.

    Hi Michael and all,
    Anyway I solved this issue.
    I couldn't find article that I desired, so I asked advice to my colleagues and they told that the functional level 2003 or later are supported in their experience.
    In addition, I found these articles about SharePoint sync limitations.
    Members of the domain local group cannot view a Microsoft Office SharePoint Server 2007 Web site
    http://support.microsoft.com/kb/932378/en-us
    SharePoint supportability of Read only Domain controllers
    http://support.microsoft.com/kb/970612

  • Things to be considered before AD - domain and forest functional level upgrade (win 2003 to 2008 R2)

    Hi
    Recently we introduced Windows 2008 R2 DCs and decommissioned old Windows 2003 domain controllers. Since we are not sure about the application compatibility (both MS and 3rd party) many times we postponed the plan to upgrade the DFL and FFLs. We found Jonathan's
    blog (http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx),
    whcih clearly says the upgrade won't affect any applications. But just to confirm this with the experts we are posting this concern once again. We have Exchange 2010 / Shrepoint / SQL / SAP etc..(also 2 X windows 2000 servers)
    Please let us know from your real experiance - in production environment how a upgrade from 2003 to 2008 R2 (belive we can able to upgarde both FFL and DFLs from Win 2003 to Win 2008 R2) affects existing applications.
    Thanks in advance
    LMS

    I might be able to help with Exchange. What service pack?
    Most likely, there should be no problem. The Exchange compability matrix shows that (with SP2 and SP3) it is compatible with Windows 2008 R2 domain controllers and 2008 R2 domain and forest functional levels.
    I'm *working on* an Exchange 2010 migration but if you want someone who *has* such a combination (2008 R2 DFL/FFL and Exchange 2010), you could ask in the Exchange forum.
    I'm sure, though, that such a combination is actually quite common.
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  • Windows 2008 R2 domain controllers with Windows 2003 forest functional level Supported after Windows 2003 support ends in July 2015

    Hi
    Anyone knows whether Windows 2008 R2 domain controllers with Windows 2003 forest functional level will still be Supported after Windows 2003 support ends in July 2015 ?
    Thanks

    When Windows Server 2003 support ends, you should not have a Windows Server 2003 Domain Controller running if you would like to be supported by Microsoft. This means that there will be no reason to have a DFL or FFL that is lower than Windows Server 2008.
    So, if you are keeping Windows Server 2003 FFL to keep DCs running Windows Server 2003 then this is not supported.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Raising Domain Functional / Forest Functional Levels

    Hi guys,
    I've upgraded my AD servers to Windows 2012 and have removed all the Windows 2003 servers in my network.
    However, I wish to implement fine grained password policy. However, my Forest and Domain Functional levels are still at 2003. The minimum requirement for fine grained password policy states that the domain functional level must be set to
    Windows Server 2008 or higher.
    How do I go about raising the Forest / Domain functional level? Which functional level should I raise first (the forest or domain)? Will there be any downtime and implications if I were to perform the raise?
    Thanks guys!!

    Hi guys,
    I've upgraded my AD servers to Windows 2012 and have removed all the Windows 2003 servers in my network.
    However, I wish to implement fine grained password policy. However, my Forest and Domain Functional levels are still at 2003. The minimum requirement for fine grained password policy states that the domain functional level must be set to
    Windows Server 2008 or higher.
    How do I go about raising the Forest / Domain functional level? Which functional level should I raise first (the forest or domain)? Will there be any downtime and implications if I were to perform the raise?
    Thanks guys!!
    There will be no downtime when raising your Domain Functional Level or Forest Functional Level.
    All you need to know is that by raising your DFL to Windows Server 2008 or higher, you will not be able to set it back to Windows Server 2003 without a recovery from backup (This is not a reversible operation without restore). Also, you will need to have
    DCs that are running OSs with the same level as your DFL or higher.
    If you are not planning to add DCs that are running OSs lower than Windows Server 2012 then simply raise your DFL and FFL to Windows Server 2012. FYI, as long as you have not enabled AD recycle Bin, you can downgrade the DFL and FFL to Windows Server 2008.
    More about the benefits you can take by raising your DFL and FFL here: https://technet.microsoft.com/en-gb/library/understanding-active-directory-functional-levels(v=ws.10).aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Existing 2003 forest functional level -- 2012 forest functional level in production environment?

    Hello experts!  
    A quick question if it can be one:
    Is it possible to raise a forest functional level from 2003 to 2012 in a production environment (only 2003 DCs with existing roles to only 2012 DCs)?  If so, is there a standard implementation of the upgrade process
    (migration of roles, migration tools, etc.)?
    many thanks!
    David

    hi,
    Thanks for posting. 
    Sorry i don't know if i am understanding your question. Are you talking about upgrading your DC's in your current forest to 2012 then raising the functional level? 
    If so, first of all you can only raise the forest and domain functional levels when all DC's in the forest and domain are at 2012 or higher. 
    To get your domain unto 2012 DC's there are a couple of paths you can adopt, but generally the simplest is:
    1. Introduce your first 2012 / 2012 R2 DC into your existing domain, this will extend the schema with the additional attributes that are required to 2012 - this is an automatic process during promotion of your first 2012 DC.
    2. Go through and start replacing your existing domain controllers. You don't normally do an inlace upgrade, the preferred method would be to use different hardware, built up the new DC to replace your existing one, then demote the existing one - keep going
    through this process until all your DC's are 2012.
    NB: which ever DC(s) currently holds the FSMO roles you will need to transfer these to one of your new 2012 DC's before you decommission that one. 
    if i've got what you were asking wrong, please let me know, otherwise hopefully this helps.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer
    Blog: http://www.windows-support.co.uk 
    Twitter:   LinkedIn:

  • The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher.

    Dear Support Team,
    i am having the error ''The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher'' from lync 2013 during the schema master prepare on windows server 2008r2 and my forest functional
    level are 2008r2.. so can you help me please...?

    Dear Support Team,
    in my network there are one forest and two domain controller (primary and secondary).. my domain functional
    level is windows server 2008r2.. but i am still receiving error.. when i hit the run button for schema prepare its says:
    ServerSchemaPrepareTask execution failed on an unrecoverable error.
    and when i open log it sasys: 
    Error: The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher.
    kindly help me

  • Raise the Forest functional level

    I am running one Domain Controller on Windows Server 2012 R2 DataCenter.  Right now both the forest functional level and the domain functional level is at Server 2003.  I want to raise both the forest functional level and the domain functional
    level to Server 2008 R2.  
    Question:  Do I need to update the Schema before I try to Raise the forest functional level or before I try to Raise the domain functional level?
    Question: Once I Raise both the forest functional level to Server 2008 R2 it is best to not move past that point to Server 2012 R2. I only have one Domain Controller in the domain?  
    Van R. Johnson

    Question:  Do I need to update the Schema before I try to Raise the forest functional level
    or before I try to Raise the domain functional level?
    No, the schema is already updated.
    Question: Once I Raise both the forest functional level to Server 2008 R2 it is best to not move
    past that point to Server 2012 R2. I only have one Domain Controller in the domain?  
    By raising your DFL and FFL to Windows Server 2008 R2, you will no longer be able to have a DC running an OS that is lower than Windows Server 2008 R2 (You can lower that to Windows Server 2008 as long as AD Recycle Bin is not enabled). As this the only
    DC within your domain / forest then simply raise the DFL and FFL to Windows Server 2012 R2 (You can lower it later if required) and that way you can take full advantages of what is mentioned here: https://technet.microsoft.com/en-gb/library/understanding-active-directory-functional-levels(v=ws.10).aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Windows 8.1 Clients cant register record in DNS in forest functional level 2008 environment (DNS Client Events 8018)

    Hello,
    I have two DC,:
    first Windows Server 2008, second Windows Server 2012 R2,
    AD works in forest functional level 2008
    Workstations working in Windows 8.1 OS cant register to DNS with warning:
    The system failed to register host (A or AAAA) resource records (RRs) for network adapter
    with settings:
               Adapter Name : ...................................................
               Host Name : ...................................
               Primary Domain Suffix : ....................................
               DNS server list :
               Sent update to server : <?>
               IP Address(es) :
    The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for
    this name does not support the DNS dynamic update protocol.
    To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

    Hi,
    Functional levels determine the available Active Directory Domain Services (AD DS) domain or forest capabilities. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. However, functional levels
    do not affect which operating systems you can run on workstations and member servers that are joined to the domain or forest. Set the domain and forest functional levels to the highest value that the environment can support, in order to use as many AD DS features
    as possible.
    You may reference SenneVL’s suggestion, and use ipconfig /registerdns
    on the workstation to confirm that if the DNS record can be registered.
    Best Regards,
    Eve Wang
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Raise domain functional level

    Hi All,
      What all that need to be considered before raising domain / forest functional level.

    Hi channavera,
    Some items that you want to consider are what OS are you running for all your DC's in the domain/forest. This is important, since you have to have a certain level for the functional level. For example, if you want to raise up to functional level of 2012,
     you will need to make sure any DC's running 2008 or lower are upgraded before you do so. Raising the functional level will change up the schema for the domain, making it incompatible with the lower OS's.  If you are going to continue to run 2008
    server in the domain/forest, you will want to only raise the functional level to 2008.  Also, keep in mind, you cannot go to a lower functional level (i.e. if you go to 2012, you cannot go back to 2008) except under very specific circumstances.  
    I know what I brought up is not the only consideration, but a big one, as it basically determines what functional level you want to use for the domain/forest.
    Also, this technet site goes over what changes for each level. Understanding AD Functional levels

  • Domain functional levels

    Good afternoon,
    Next week I'm going to start upgrading all of our domain controllers with brand new rack mounted servers.  We currently have 3 domain controllers in different cities, all three running Windows Server 2008 R2.  All 3 of the new servers are running
    Windows Server 2012 R2.  I'm going to start with one DC at a time and just demote the old one and promote the new one.  My question is can a Windows Server 2012 domain/forest functional level co-exist with a Server 2008 Domain/Forest functional level?
     Since I'm doing one DC at a time there will always be a time until the last DC is replaced that Server 2008 R2 and Server 2012 R2 DC's will live in the same forest together.  Should I just install the new Server 2012 R2 DCs as a Server 2008 functional
    level and then go back and upgrade them all at once?

    > promote the new one.  My question is can a Windows Server 2012
    > domain/forest functional level co-exist with a Server 2008 Domain/Forest
    > functional level?
    Simply spoken: No. There is only one DFL/FFL (not "per server"), and it
    cannot be higher than the level that the "oldest" DC running in Domain
    or Forest supports.
    Martin
    Mal ein
    GUTES Buch über GPOs lesen?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Windows 2012 root certification authority in a 2003 Domain/ Forest level

    Hello,
    We are currently on Windows 2003 Domain & Forest Functional Level. Our Root CA is also currently on Windows 2003 DC.
    If  we have to setup a new Root/Issuing CA ( not exporting the current 2003 CA cert) on Windows 2012 R2 servers,   is it then mandatory to first upgrade Domain & Forest levels to 2012 R2 ?  Can we have  a PKI infrastructure with
    Enterprise CA's on a Windows 2012 Platform but the Domain/Forest levels  still on 2003 level ?   i understand it will be good to have everything on 2012 R2 , but can a mix of 2003 domain level  and 2012 CA  work ?

    Hi,
    Look at below tread it might help:
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/fa8cac92-0f71-426c-ac95-e89e90e1c8d1/certificate-authority-and-forestdomain-functional-level?forum=winserversecurity
    Basically the answer is yes you can have  CA on 2012 R2 and DFL/FFL still on 2003.
    Regards,
    Calin

  • Why domain functional level should be greater than or equal to forest FL?

    We know that domain functional level must be greater than or equal to forest functional level. Why is that so?
    My perspective is if we set FFL to windows server 2008 r2 and DFL to windows 2003, active directory recycle bin won't be available to the domain whose FL is windows 2003. Is that right?

    My perspective is if we set FFL to windows server 2008 r2 and DFL to windows 2003, active directory recycle bin won't be available to the domain whose FL is windows 2003. Is that right?
    Greetings!
    Active Directory Recycle Bin needs to be implemented in a forest with 2008 R2 forest functional level. Because it was added in 2008 R2 operating system. In order to have a 2008 R2 forest functional level you need to raise all the child domains DFL's first.
    Regards.
    Mahdi Tehrani   |  
      |  
    www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as
    and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.
    How to query members of 'Local Administrators' group in all computers?

  • Exchange Server 2003 SP2 - Forest and Domain Functional Level Limitations

    Hi All
    Bit of a legacy question and theres not much clarity out there..
    I need to confirm the highest DFL and FFL Supported by Microsoft for Exchange 2003 SP2?
    We currently have a mix of 2003 R2 and 2008 R2 domain controllers with the FFL and DFL currently set at 2003 R2.
    The plan is to move to Exchange 2010 in the very near future, so the question is do we need to wait until we upgrade to Exchange 2010 Before upgrading the DFL and FFL to 2008 R2?
    From what Ive read we will need to complete the Exchange upgrade first before moving forward with the functional level upgrades..
    Thanks in advance
    Bull

    Hi Bull,
    As Ed mentioned, Exchange server 2003 and Exchange 2010 support Windows Server 2003 domain functional level and Windows Server 2003 forest functional level, also supported in higher environment.
    More details about it, please refer to “Supported Active Directory environment” section:
    http://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx
    Note that we cannot add new DCs which are the less version of Windows Server
    cannot be added to the domain or forest. More details about
    the Impact of Upgrading the Domain or Forest Functional Level, for your reference:
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Best Regards,
    Allen Wang

  • Lync 2013 and Raising Forest/Domain Functional Level?

    My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
    Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.) We are running Lync 2013 Standard with all the latest updates.
    Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

    Hi,
    Yes, you can raise Forest and domain function level to Windows Server 2012 R2 without issue.
    After raising Forest\domain function level, the new features that rely on the functional level are generally limited to AD itself. Regardless, changing the Domain or Forest Functional Level should have no impact on an application that depends on
    Active Directory.
    More details:
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

Maybe you are looking for

  • Can't install windows 8.1 with boot camp

    I'm trying to install windows 8.1 with boot camp and this is the message I keep getting. I've tried several times and every time I get this. I have a 2015 MacBook Pro. I've tried installing from a usb with ISO and also from a oem windows dvd. Any hel

  • Getting the name of the installed video card

    I'm trying to discover if exists any way in java to get the name (ATI, nVidia, Creative) and other properties (version,memory size,...) of the installed video card where the jvm is running. Thanks in advance, Joan

  • How to find username and password

    Hi,   Thanks for any help you guys can give me.  I'm trying to setup the e-mail on my pearl and it says I already have a username and passwordm but I don't know what they are and don't remember setting it up.  I tried calling sprint, they had me call

  • Problem with delete key

    i am an optonline email user and the delete key won't work when i use optonline email. works in all other applications on the computer but not in optonline. help??!!

  • Workitem is waiting in Test system

    Hi Friends. i am new in workflow. i created one workflow for find and lock employee. this workflow is working fine in Development system. but its not working in Test system. can any one suggest me what should i need to do. its waiting one step find l