Domain functional level 2003 -- 2008 and TMG 2010 (sp2 rollup 2)
Hi,
We want to raise our domain and forest functional level from 2003 to 2008. All DC's have been on 2008 or 2008R2 for about two years.
I cannot find if there is any impact on TMG 2010 sp2 rollup 2. Does anyone know if this will bring any issues?
Thanks!
No impact. From a TMG perspective, go ahead.
Hth, Anders Janson Enfo Zipper
Similar Messages
-
Missing nodes in new GPO objects after adding ADMX to DC (Server 2008 Domain Functional Level 2003)
Hello,
we discovered an issue in GPO console.
DCs: multiple 2008 there is one 2003DC somewhere over the rainbow (don't ask why) :)
Domain Functional Level is 2003.
In June I added Policydefinitions folder into Policy folder in sysvol\domain_name.
I did this for adding ADMX.
Today we found missing nodes when adding new GPO objects and trying to modify them.
Under Computers\Administrative Templates there is only ADMX node. No Administrative Templates with sub nodes: Systeme, Network, Printes, Windows Components.
When edit old GPOs There is Administrative Templates in Administrative Templates with ADMX folder. SEE Screenshot.
My colleague insists that it happened after I made changes by adding ADMX things. Looks that he is right.
Please any help on this issue... How to get back nodes for managing new GPOs as it was before adding ADMX.
Is this something known? I didn't find any prerequisites before adding PolicyDefinistions folder.
Thanks.
"When you hit a wrong note it's the next note that makes it good or bad". Miles DavisMeinolf,
1. I would like to know if it is normal behaviour that after creating a Central Store (adding PolicyDefinitions folder into Policies) Classical Administrative Templates will not appear for any new GPO (they do exist to all previously created) see
picture
2. I followed the links. And eventually will use the script for cleaning up duplicate adms in all GPOs. It is great feature of ADMX. But first I would like to bring back the option of Admin Templates.
So I downloaded latest 2012 ADMXs. Run setup on my computer. Now I have Policydefinitions folder containing new ADMXs with languages (culture) folders.
Am I right? I have to copy all *.admx files to my Central Store Policydefinitions folder and all En admls drop to En-Us language folders. What will happen if I will add Fr-Fr? Would it be correct to have 2 languages for the same admxs. And how they will
appear. Or it will depend on OS language were GP console will be opened?
No conflict to expect?
I will do this "surgery" after your answer.
Thanks for pointing out..
"When you hit a wrong note it's the next note that makes it good or bad". Miles Davis -
]TMG 2010 SP2 Rollup 5 - None Available Worker threads
Hi Guys,
We're experiencing some problems with our TMG 2010 Array (SP2 Rollup 5 ),and the first thing I can see is that the "Available Worker Threads" are 0 many times during the day. How can debug further this issue to know the root cause?'
Best Regards
Federico Giampietri Latamsupport IT Infrastructure ServicesHi,
>>"Available Worker Threads" are 0 many times during the day.
Could you see any other abnormal symptom in TMG?
The issue in the KB below has a symptom that "The Available Worker Threads counter in the Forefront TMG Firewall Service may suddenly decrease to zero". But this has been fixed in Rollup 5. If you still have the same issue after
installing Rollup 5, you may need to open a case with Microsoft.
FIX: Server that's running Forefront Threat Management Gateway 2010 stops accepting all new connections and becomes unresponsive
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Logon failure after upgrade Windows 2003 domain functional level and schema
Before upgrade:
Windows 2003 Std server: Domain functional level 2000, Schema verion 30
Crystal Report XI R2: Authentication: Windows AD
Logon OK.
After Upgrade:
Windows 2003 Std + Windows 2008: Domain functional level 2003, Schema verion 44
Crystal Report XI R2: Authentication: Windows AD
Logon Error: An error has occurred: java.lan.NullPointerException
Is it a Tomcat problem? OR Java runtime problem? OR XI R2 problem?
Anyone can help to fix it!? Thanks!!OK, I try again in the testing lab and simplify the combination. We only consider Windows 2003 ONLY.
Before AD upgrade:
AD/Domain Controller: Windows 2003 Std server: Domain functional level 2000, Schema verion 30
Crystal Report XI R2: run on Windows 2003 memeber server
Operating OS: Windows XP/Vista/7: Authentication: Windows AD
Logon OK.
Upgrade cmbination 1
Step 1:
Upgrade Domain controller: Windows 2003 to Windows 2003 R2 (Domain functional level 2000, Schema verion 31 )
Crystal Report XI R2: run on Windows 2003 memeber server
Operating OS: Windows XP/Vista/7: Authentication: Windows AD
Logon OK.
Step 2:
Upgrade Domain Functional Level: Windows 2003 R2 (Domain functional level 2003, Schema verion 31)
Crystal Report XI R2: run on Windows 2003 memeber server
Operating OS: Windows XP/Vista/7: Authentication: Windows AD
Logon Fail
Logon Error: An error has occurred: java.lan.NullPointerException
Upgrade combination 2
Direct upgrade Domain Functional Level: Windows 2003 (Domain functional level 2003, Schema verion 30)
Crystal Report XI R2: run on Windows 2003 memeber server
Operating OS: Windows XP/Vista/7: Authentication: Windows AD
Logon Fail
Logon Error: An error has occurred: java.lan.NullPointerException
In this testing, we can conclude that the Domain Functional Level upgrade from 2000 to 2003. The MI logon will fail.
Q1. Crystal Report XI R2 cannot run on Windows 2003 server (Domain Functional Level: 2003)?
Q2. If Crystal Report XI R2 can run on Domain Functional Leve: 2003, how to fix our problem?
Do you have any idea to help us? Thanks!
Edited by: Initiator on Jul 20, 2010 6:22 AM -
Domain Functional Level: 2008 R2 to 2012 R2
My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.)
Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?you can easily upgrade the funtional level without any issues since you have all the Domain Controllers on Win server 2008R2.
http://support2.microsoft.com/kb/2869728/en-us
For more details : Listed below link has the table which shows the effects of upgrading the domain functional levels to Windows 2012
http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels
pankaj(MCT) -
Lync 2013 and Raising Forest/Domain Functional Level?
My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.) We are running Lync 2013 Standard with all the latest updates.
Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?Hi,
Yes, you can raise Forest and domain function level to Windows Server 2012 R2 without issue.
After raising Forest\domain function level, the new features that rely on the functional level are generally limited to AD itself. Regardless, changing the Domain or Forest Functional Level should have no impact on an application that depends on
Active Directory.
More details:
http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Cannot Replicate after upgrading domain functional level
Hello,
Parent and child domain. Parent domain (forest) still in domain functional level 2003. However, child domain i just updated to domain functional level 2008 R2. Now replication is not working. I believe the issue is dns, but i do not know what could be different
the names have not changed? This is a two way transitive trust between domains.
Frequent messages from dcdiag dns, are
no DNS RPC connectivity (although i have tried restarting dcom, netbios and frs)
Also in event viewer many 13508 errors
Any help is greatly appreciated thank you.Have you restarted the DCs after that you raised the functional level? The password of the krbtgt account is reset when the DFL is raised from 2003 -> and sometimes the DCs need to be restarted for the authentication to succeed up to the root.
If you from a Windows Server 2008 R2 DC run dcdiag /test:dns /E dose it report any errors?
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog -
Raising Domain Functional level
We have 75 domain Controllers in our Org and current Domain Functional level is 2003. We have a mix setup where all versions of OS are available starting from 2003. A large no of applications are also integrated with our current Active Directory.
My concern is, If I raise my Domain Functional level to 2008 then what are the consequences we might face in terms of accessing legacy applications.
Please let me know the checklist which we need to follow and incase of any failure then what will be the rollback procedure.
Looking forward for your valuable inputs.Hi,
I agree with others. Once the Functional Level has been upgraded, new
servers running on lower versions cannot be added
as Domain Controllers to the domain or forest. If all the DCs in the domain is server 2008 and later version, we can raise the function level of the domain to get more advanced features.
> If I raise my Domain Functional level to 2008 then what are the consequences we might face in terms of accessing legacy applications.
For this question, make sure that the applications in the domain are compatible with the new functional level
For detailed information about how to raise function level, we can refer to the following link:
Raising the Functional Levels
http://technet.microsoft.com/en-us/library/cc771949(v=WS.10).aspx
Best Regards,
Erin -
Hi there,
I have an issue with TMG 2010 on Hyper-V 2012 - the Setup:
- Windows 2012 Hyper-V
- TMG 2010 SP2 Rollup 4 running on W2K8 R2
TMG 2010 (Array Node1) Network
Internal Interface: 10.0.0.10/24 (Route to 192.168.11.0/24 over 10.0.0.1)
IntraArray: 192.168.10.10/24
Perimeter: 10.0.60.10/24 GW 10.0.60.100
TMG 2010 (Array Node2) Network
Internal Interface: 10.0.0.11/24 (Route to 192.168.11.0/24 over 10.0.0.1)
IntraArray: 192.168.10.11/24
Perimeter: 10.0.60.11/24 GW 10.0.60.100
Domain Controllers:
192.168.11.10
192.168.11.11
The NICs of the TMG VMs are configured with the correct VLANs and on the Perimeter Interface as well as on the Internal Interface I activate MAC Address Spoofing.
Once I activate NLB on the Perimeter Interface all works fine. But NLB on the internal Interface does not work - I see that NLB got configured on Array Node 1 but the second one does not get the config nor is able to sync it´s configuration with Array
Node 1. ALso the Servers are not able to communicate with the Domain Controllers anymore. Once I deactivate MAC Address Spoofing on the internal Interface and remove NLB the Server are able to speak to the Domain Controllers...
Any suggestions?Hi,
Can I just confirm you are using TMG console to enable NLB?
Also did you enable set this reg key on both your TMG servers? You need to make sure MAC Spoofing is enabled too.
HKLM\System\CurrentControlSet\Services\TCPIP\Parameters
IPEnableRouter RegDword 1
after enabling the key you may need to reboot both nodes.
Regards,
Denis Cooper
MCITP EA - MCT
Help keep the forums tidy, if this has helped please mark it as an answer
Blog: http://www.windows-support.co.uk
Twitter: LinkedIn: -
Exchange Server 2003 SP2 - Forest and Domain Functional Level Limitations
Hi All
Bit of a legacy question and theres not much clarity out there..
I need to confirm the highest DFL and FFL Supported by Microsoft for Exchange 2003 SP2?
We currently have a mix of 2003 R2 and 2008 R2 domain controllers with the FFL and DFL currently set at 2003 R2.
The plan is to move to Exchange 2010 in the very near future, so the question is do we need to wait until we upgrade to Exchange 2010 Before upgrading the DFL and FFL to 2008 R2?
From what Ive read we will need to complete the Exchange upgrade first before moving forward with the functional level upgrades..
Thanks in advance
BullHi Bull,
As Ed mentioned, Exchange server 2003 and Exchange 2010 support Windows Server 2003 domain functional level and Windows Server 2003 forest functional level, also supported in higher environment.
More details about it, please refer to “Supported Active Directory environment” section:
http://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx
Note that we cannot add new DCs which are the less version of Windows Server
cannot be added to the domain or forest. More details about
the Impact of Upgrading the Domain or Forest Functional Level, for your reference:
http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
Best Regards,
Allen Wang -
Domain functional level upgraded to 2008 r2 native mode but query states 2003
Nothing :(
I raised the domain functional level last night to 2008 r2 native mode and after allowing everything to sync i ran the command get-addomain .domainmode and it came back ast windows2003forest.
I dont understand why it is showing up this way, we removed all of the 2003 domain controllers and server from our network before doing this...Any suggestions?
This topic first appeared in the Spiceworks Community -
Hyper-v 2012 R2 Live migration issue in 2003 Domain function Level
hi Team ,
i recently build 2012 R2 Hyper-v Cluster with three node. Everrything working fine with out any issue . Cluster working also fine. Later i came across one issue when tried to Live migration virtual machine from one host to another . it failed all the time
while quick migration is working . i gone through few articles and find it is known issue with hyper-v 2012 R2 where domain functional level is set to 2003 . although they have provided Hotfix but no solution.
http://support.microsoft.com/kb/2838043
Please let me know if any one face similar issue and able to resolve by any hotfix. My host are updated .
Thanks
Ravindra
RaviHi Ravi1987,
The KB2838043 is applied for Server 2012 node, Could you offer us the related cluster error event id, or you can refer the following article to check your cluster
network binding order is correct or not.
Configuring Windows Failover Cluster Networks
http://blogs.technet.com/b/askcore/archive/2014/02/20/configuring-windows-failover-cluster-networks.aspx
You can try to install recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters first, then monitor this issue again.
The KB download:
Recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters
http://support.microsoft.com/kb/2920151
More information:
Windows Server 2008 R2 Live Migration – “The devil may be in the networking details.”
http://blogs.technet.com/b/askcore/archive/2009/12/10/windows-server-2008-r2-live-migration-the-devil-may-be-in-the-networking-details.aspx
I’m glad to be of help to you! -
Windows server domain group membership with functional level 2003 - windows API
Hello,
I am a programmer trying to get members of a global domain group using windows server 2008 enterprise edition,
in the past there wasn't a functional level 2003 on windows server, but when 2003 functional level appeared a new features were added like adding
a global group as a member to another global group in the domain,
in the past the API written could get the members if the member was a user, but it can't get a member if it was a global group.
I am using this API "NetGroupGetUsers" to get a members of a global domain group, and it gets the users but it doesn't get the
members if they were global groups...
I tried another API "NetLocalGroupGetMembers" it is getting a global group as a member but it is working only if the owner group was a local group on the server
or on another machine that is added to the server, but this API doesn't work if the owner group was a domain global group.
My question is how to get members of a global group including the members that are global groups too???
Thanks,
- Shomaf> I am using this API "NetGroupGetUsers" to get a members of a global
This interface is based on Win 2000, and since Win 2000 did not support
global group nesting, this interface does not, too...
> domain group, and it gets the users but it doesn't get the
> members if they were global groups...
You should use
http://msdn.microsoft.com/library/aa706032.aspx - and
don't forget to track down the nestings :)
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
SCSM 2012 with 2003 domain functional level supported?
All,
I am running SCCM 2007. Now I need to install Service Manager 2012SP1. Domain functional level is 2003 with 2008 DC.
will this allow me to install SCSM 2012SP1 with full features? or will it be reduced functionality?
will there be any schema extension when I install SCSM 2012? pleas note we already have SCCM 2007 running.
can I upgrade SCCM 2007 to SCCM 2012?
it would be helpful if you could share some link about whether its possible or not.
Thanks.
KailashCThomas,
Thanks for your response. Can I do a direct upgrade SCCM 2007 SP3 to SCCM 2012 or do I need to plan a migration? I mean fresh install SCCM 2012 and then migrate the data over ?
Thanks.
KailashC -
Lingering 2003 DC causing Domain Functional Level Upgrade fail
Got that one too :(
I can't find hide nor hair of this darn beast anywhereHave a DEAD 2003 DC - check
Have removed it from AD via GUI (ADUC) deletion - Check
Cleaned up DNS - Check and double check
Review LostandFound container in ADSI edit - Check - No objects present
Right click Domain Name in ADUC, select Raise Domain Functional level - F A I L
Run through NTDSUTIL Metadata cleanup steps (MS technet article) - The server object isn't there
What am I missing here? I've gone back over DNS, searched for the computer object, rechecked ADSI LostandFound, rechecked NTDSUTIL .. I'm at a hard loss to figure out what's stopped the Functional Level upgrade.
Any ideas?
This topic first appeared in the Spiceworks Community
Maybe you are looking for
-
Transformation issue: cx_rsrout_skip_value.
This line of code in my transformation: <b>raise exception type cx_rsrout_skip_value. "INS</b> is giving me this syntax error: <b>E:The type "CX_RSROUT_SKIP_VALUE" is unknown.</b> anybody got any suggestions?
-
Error while updating PO - 'This document is locked by another user. Please
All, While updating the PO through API (Oracle Version - 11i) we are getting the error message 'This document is locked by another user. Please try again later.' intermittently. We are using below API to update the PO through interface program. po_ch
-
hello, I've created a simple java web dynpro and should create 2 JCo destinations WD_MODELDATA_DEST and WD_RFC_METADATA_DEST WD_MODELDATA_DEST is ok but I'm having problems creating the second one WD_RFC_METADATA_DEST destination type should be "d
-
Transfering presentations from powerpoint to Keynote
Hi I have transfered a powerpoint presentation onto Keynote and have two problems. 1. When i saved the presenation in Keynote the text does not appear on the presentaion as the texts that are on the presenation are not part of Apples fonts. The texts
-
I am making simple text from the built-in text generator (white text on black background). I put it in my timeline, and it looks great. I add the "Dip to Color" transition, and render everything in the render all pull-down menu...but still my text lo