Raising Domain Functional Level

I am looking to raise the domain/forest functional level on my domain from 2003 to 2012. I have been receiving Event ID 4515 about a duplicate DNS zone error. Will this error potentially cause me any issues or problems when I try to raise the domain/forest functional level to 2012?

I would always recommend that you fix all your AD problems before making changes on it.
Ace already documented the issue about duplicate DNS zone: http://blogs.msmvps.com/acefekay/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones/
The article shares how this could be fixed.
Once done, I would recommend that you use dcdiag and repadmin commands to check that your DCs are in a healthy state and that your AD replication works fine.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK

Similar Messages

  • Raise domain functional level

    Hi All,
      What all that need to be considered before raising domain / forest functional level.

    Hi channavera,
    Some items that you want to consider are what OS are you running for all your DC's in the domain/forest. This is important, since you have to have a certain level for the functional level. For example, if you want to raise up to functional level of 2012, you will need to make sure any DC's running 2008 or lower are upgraded before you do so. Raising the functional level will change up the schema for the domain, making it incompatible with the lower OS's. If you are going to continue to run 2008 server in the domain/forest, you will want to only raise the functional level to 2008. Also, keep in mind, you cannot go to a lower functional level (i.e. if you go to 2012, you cannot go back to 2008) except under very specific circumstances.
    I know what I brought up is not the only consideration, but a big one, as it basically determines what functional level you want to use for the domain/forest.
    Also, this technet site goes over what changes for each level. Understanding AD Functional levels

  • Raising Domain Functional level

    We have 75 domain Controllers in our Org and current Domain Functional level is 2003. We have a mix setup where all versions of OS are available starting from 2003. A large no of applications are also integrated with our current Active Directory.
    My concern is, If I raise my Domain Functional level to 2008 then what are the consequences we might face in terms of accessing legacy applications.
    Please let me know the checklist which we need to follow and incase of any failure then what will be the rollback procedure.
    Looking forward for your valuable inputs. 

    Hi, 
    I agree with others. Once the Functional Level has been upgraded, new servers running on lower versions cannot be added as Domain Controllers to the domain or forest. If all the DCs in the domain are Server 2008 or a later version, we can raise the functional level of the domain to get more advanced features.
    > If I raise my Domain Functional level to 2008 then what are the consequences we might face in terms of accessing legacy applications.
    For this question, make sure that the applications in the domain are compatible with the new functional level.
    For detailed information about how to raise function level, we can refer to the following link:
    Raising the Functional Levels
    http://technet.microsoft.com/en-us/library/cc771949(v=WS.10).aspx
    Best Regards,
    Erin

  • Unable to Raise domain functional level

    I am installing a Server 2012 std.  in a single domain. The current DC is Server 2008 std. When I try to raise the domain functional level to at least 2003 it gives me an error.
    I did the save as and viewed the error message.  Apparently some time in the past they had a Server 2000 and active directory still has the entries that is preventing the domain from being raised.  I removed the old server from AD CU and restarted
    the server.  Still will not let me raise the level, same error.  Do I need to use ADSI edit and remove all the entries also?  What about DNS entries?
    Thank you for a rapid answer.
    Wade Harris

    Hi Wade,
    Please refer to following KB and check if can help you. (Please back up before all operations. That will help us to avoid unexpected issues.)
    How to remove data in Active Directory after an unsuccessful domain controller demotion
    In addition, please also use the dcdiag command-line tool to verify domain controller health.
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Lingering 2003 DC causing Domain Functional Level Upgrade fail

    Got that one too :(
    I can't find hide nor hair of this darn beast anywhere

    Have a DEAD 2003 DC - check
    Have removed it from AD via GUI (ADUC) deletion - Check
    Cleaned up DNS - Check and double check
    Review LostandFound container in ADSI edit - Check - No objects present
    Right click Domain Name in ADUC, select Raise Domain Functional level - F A I L
    Run through NTDSUTIL Metadata cleanup steps (MS technet article) - The server object isn't there
    What am I missing here? I've gone back over DNS, searched for the computer object, rechecked ADSI LostandFound, rechecked NTDSUTIL .. I'm at a hard loss to figure out what's stopped the Functional Level upgrade.
    Any ideas?
    This topic first appeared in the Spiceworks Community

  • Raising the functional level on a large forest/domain with a DC offline?

    Hello All
    I've done what research that I can and haven't been able to find a definitive answer outside of people purposely taking a DC offline while raising the functional level of a forest in case they need to do an authoritative restore, but I have a bit of a different situation and I just need to confirm something.
    I have to perform the task on a very large AD infrastructure that includes 90+ domain controllers globally and I've run into a scheduling conflict that is out of my control. One of the locations overseas will be going through some maintenance during my time window when I will be raising the functional level of the forest and domain.
    The question is, what happens to the DC that is offline during this period? Once it is restarted, do the changes replicate to that DC, or do I need to perform the task in place for that DC? If anyone has any links or instructions on how to bring a DC online after the functional level of both the forest and domain have been raised, please let me know.

    The DC can be offline and it won't be an issue.  When it comes back online the changes should replicate to it.  Just don't keep it offline longer than the tombstonelifetime.
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.

  • Raising Domain Functional / Forest Functional Levels

    Hi guys,
    I've upgraded my AD servers to Windows 2012 and have removed all the Windows 2003 servers in my network.
    However, I wish to implement fine grained password policy. However, my Forest and Domain Functional levels are still at 2003. The minimum requirement for fine grained password policy states that the domain functional level must be set to Windows Server 2008 or higher.
    How do I go about raising the Forest / Domain functional level? Which functional level should I raise first (the forest or domain)? Will there be any downtime and implications if I were to perform the raise?
    Thanks guys!!

    There will be no downtime when raising your Domain Functional Level or Forest Functional Level.
    All you need to know is that by raising your DFL to Windows Server 2008 or higher, you will not be able to set it back to Windows Server 2003 without a recovery from backup (This is not a reversible operation without restore). Also, you will need to have DCs that are running OSs with the same level as your DFL or higher.
    If you are not planning to add DCs that are running OSs lower than Windows Server 2012 then simply raise your DFL and FFL to Windows Server 2012. FYI, as long as you have not enabled AD recycle Bin, you can downgrade the DFL and FFL to Windows Server 2008.
    More about the benefits you can take by raising your DFL and FFL here: https://technet.microsoft.com/en-gb/library/understanding-active-directory-functional-levels(v=ws.10).aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Lync 2013 and Raising Forest/Domain Functional Level?

    My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
    Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.) We are running Lync 2013 Standard with all the latest updates.
    Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

    Hi,
    Yes, you can raise Forest and domain function level to Windows Server 2012 R2 without issue.
    After raising Forest\domain function level, the new features that rely on the functional level are generally limited to AD itself. Regardless, changing the Domain or Forest Functional Level should have no impact on an application that depends on Active Directory.
    More details:
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Best Regards,
    Eason Huang
    TechNet Community Support

  • What is the effect if I Raise my domain functional level to Windows Server 2012 R2 ?

    Hi,
    my current servers:
    Domain Controllers= Windows Server 2012 R2 (current domain functional level is windows 2008 R2)
    Mail servers= Exchange 2010 SP3 on Windows 2008 R2
    Lync= Lync 2010 on Windows server 2008 R2
    What is the effect if I Raise my domain functional level to Windows Server 2012 R2 ?
    I am very worried about Exchange & Lync if we do this action
    please advice

    Do not raise the forest functional level higher if you have or will have any domain controllers running an earlier version of Windows Server, which is (Windows NT 4.0, Windows 2000 or Windows 2003),
    but as a matter of fact I don't see any of those in your network so you can easily upgrade the functional level without any issues.
    Listed below link has the table which shows the effects of upgrading the domain functional levels to Windows 2012
    http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels
    http://www.arabitpro.com

  • Domain Functional Level: 2008 R2 to 2012 R2

    My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
    Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.)
    Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

    You can easily upgrade the functional level without any issues since you have all the Domain Controllers on Win server 2008R2.
    http://support2.microsoft.com/kb/2869728/en-us
    For more details : Listed below link has the table which shows the effects of upgrading the domain functional levels to Windows 2012
    http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels
    pankaj(MCT)

  • AD FS Across Differing Domain Functional Levels

    My customer needs to implement AD FS for single sign on due to a cloud based email solution they recently implemented. The problem is, their domain controllers are Server 2003 (non-R2) at a functional level of 2003 mixed mode. They should be able to raise to 2003 native if necessary however. Their solution is to create a new 2008 domain and implement a two-way trust, running AD FS in the new domain serving the clients in the 2003 domain. This way should be quicker than upgrading their current domain which would be a rather large project due to their size and complexity.
    Are there any gotcha's I should know about with doing it this way? I have verified that we can create the two-way trust between domains of these functional levels, and AD FS can service clients in a trusted domain, but I am not entirely sure if AD FS will care that the trusted domain is 2003 non-R2. Can anyone confirm if this will be a feasible scenario?
    Thanks very much!!
    Wraith

    Hi Wraith,
    In addition, if you are not using Windows Server 2012 or above as ADFS server, you will be fine with Windows 2003 mixed mode.
    “Since ADFS does not require Active Directory functional-level modifications to operate successfully. However, if you are using Windows NT token–based applications and you want a token to be generated using Kerberos Service-for-User (S4U), the domain functional level must be Windows 2000 native or Windows Server 2003”, quoted from the article below:
    Appendix A: Reviewing ADFS Requirements
    http://technet.microsoft.com/en-us/library/cc778681(v=WS.10).aspx
    More information for you:
    ADFS and Domain Functional Level
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/5cc0e898-eae2-46ce-8491-5ccf61380423/adfs-and-domain-functional-level?forum=winserverDS
    ADFS requirements
    http://technet.microsoft.com/en-us/library/cc727972(v=WS.10).aspx
    Best Regards,
    Amy

  • Cannot Replicate after upgrading domain functional level

    Hello, 
    Parent and child domain. Parent domain (forest) still in domain functional level 2003. However, child domain I just updated to domain functional level 2008 R2. Now replication is not working. I believe the issue is DNS, but I do not know what could be different; the names have not changed. This is a two way transitive trust between domains.
    Frequent messages from dcdiag dns, are 
    no DNS RPC connectivity (although i have tried restarting dcom, netbios and frs)
    Also in event viewer many 13508 errors
    Any help is greatly appreciated thank you.

    Have you restarted the DCs after you raised the functional level? The password of the krbtgt account is reset when the DFL is raised from 2003 -> and sometimes the DCs need to be restarted for the authentication to succeed up to the root.
    If you run dcdiag /test:dns /E from a Windows Server 2008 R2 DC, does it report any errors?
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

  • Error Domain functional level

    Hi, I have that error in my Domain Controller. I installed Windows Server 2012 R2, and I want to raise the functional level. This Domain Controller no longer exists, but is within the domain.
    To update the domain functional level, the Active Directory Domain Controllers in the domain must be running the appropriate version of windows.
    domain Name
    xxxxxx.local
    Current domain functional level
    Windows Server 2008
    The following Active Directory Domain Controllers are running earlier versions of windows:
    domain Name    AD DC    Version of Windows
    xxxxxxx.local    server.xxxxxx.local    Windows Server® 2008 Standard 6.0 (6001)
    What can I do?

    it might be in the "LostAndFoundConfig" container in the Configuration partition.
    Something like this should be logged:
    Event Type: Warning
    Event Source: NTDS General
    Event Category: Directory Access
    Event ID: 1723
    Date: 6/4/2005
    Time: 7:39:52 AM
    User: NTDEV\A1ADCH
    Computer: NTDEV-DC-07
    Description:
    Active Directory failed to raise the functional level of the domain or forest
    because the following domain controller is at a lower functional level.
    Object (forest or domain):
    DC=ntdev,dc=corp,DC=microsoft,DC=com
    NTDS Settings object of domain controller:
    CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=ntdev,DC=corp,DC=com
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Delete the 'NTDSA' object from the "LostAndFoundConfig" container using ADSIEdit.
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog
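
The pre-raise checks that recur in the threads above (every DC at the required OS level, no leftover NTDS Settings object from a dead DC, including under LostAndFoundConfig) can be run in one read-only pass. This is an added example, not code from any of the posts; it assumes the ActiveDirectory RSAT module, a target level of Windows Server 2012, and that each NTDS Settings object carries its DC's level in `msDS-Behavior-Version` (absent on Windows 2000 DCs).

```powershell
# Added example, not code from the thread. Read-only: it changes nothing in AD.
Import-Module ActiveDirectory   # assumption: the RSAT ActiveDirectory module is installed

$TargetLevel = 5   # assumption: target is Windows Server 2012 (msDS-Behavior-Version 5)
$LevelName = @{
    0 = 'Windows 2000';           2 = 'Windows Server 2003'
    3 = 'Windows Server 2008';    4 = 'Windows Server 2008 R2'
    5 = 'Windows Server 2012';    6 = 'Windows Server 2012 R2'
    7 = 'Windows Server 2016'
}

$forest   = Get-ADForest
$configNC = (Get-ADRootDSE).configurationNamingContext
Write-Host ('Forest mode: {0}' -f $forest.ForestMode)

# Domain controllers that each domain in the forest currently reports.
$liveDcs = foreach ($domain in $forest.Domains) {
    Write-Host ('Domain {0} mode: {1}' -f $domain, (Get-ADDomain -Server $domain).DomainMode)
    Get-ADDomainController -Filter * -Server $domain
}
$liveDcs | Select-Object HostName, OperatingSystem, Site | Format-Table -AutoSize

# Every NTDS Settings object in the Configuration partition, wherever it sits.
# A dead DC's object can survive here after the computer account is deleted.
$ntds = Get-ADObject -SearchBase $configNC -LDAPFilter '(objectClass=nTDSDSA)' `
                     -Properties 'msDS-Behavior-Version'

$report = foreach ($obj in $ntds) {
    $raw   = $obj.'msDS-Behavior-Version'
    $level = if ($null -eq $raw) { 0 } else { [int]$raw }   # absent means Windows 2000
    [pscustomobject]@{
        Level          = $LevelName[$level]
        BlocksRaise    = $level -lt $TargetLevel
        LiveDC         = $liveDcs.NTDSSettingsObjectDN -contains $obj.DistinguishedName
        InLostAndFound = $obj.DistinguishedName -like '*,CN=LostAndFoundConfig,*'
        DN             = $obj.DistinguishedName
    }
}

# Blocking objects first; orphans (LiveDC = False) deserve a look even if not blocking.
$report | Sort-Object BlocksRaise, LiveDC -Descending:$false |
    Sort-Object BlocksRaise -Descending |
    Format-List Level, BlocksRaise, LiveDC, InLostAndFound, DN

$blocking = @($report | Where-Object BlocksRaise)
if ($blocking.Count -eq 0) {
    Write-Host 'No NTDS Settings object is below the target level.'
} else {
    Write-Warning ('{0} NTDS Settings object(s) are below the target level.' -f $blocking.Count)
}
```

A row with BlocksRaise = True and LiveDC = False is the leftover-metadata case the posters describe; follow it with dcdiag and repadmin once the directory is clean.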

  • Migrating from 2003 domain/forest level to 2008R2 with all DC's at 2008R2 and 2 other Domain External and Forest Trusts

    Is there anything that needs to be done or considered when migrating from 2003 domain/forest level to 2008R2 with all DC's at 2008R2 with 2 other 2003 separate Domain incoming and outgoing Trusts, one Trust that is a Forest Trust and the other is an External Trust? Is there any chance or risks that doing this upgrade will break either one of these Trust relationships? Some of the user accounts with SID history have been migrated from both Domain Trusts to our domain. Any chance that this upgrade will break these relationships for users that are using SID history for access to folders and files in their old Domains? If so what can be done to protect these trusts and SID history, prior to moving the Domain to 2008R2?

    Hi,
    Based on my knowledge, the upgrade of the function level does not affect the trust relationship.
    Besides, before you upgrade the Functional Level, verify that all DCs in the domain are, at a minimum, at the OS version to which you will raise the functional level.
    Once the Functional Level has been upgraded, new DCs running on downlevel versions of Windows Server cannot be added to the domain or forest.
    For more information about function level, we can refer to following links:
    Understanding Active Directory Domain Services (AD DS) Functional Levels
    http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
    What is the Impact of Upgrading the Domain or Forest Functional Level?
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Best Regards,
    Erin

  • Why domain functional level should be greater than or equal to forest FL?

    We know that domain functional level must be greater than or equal to forest functional level. Why is that so?
    My perspective is if we set FFL to windows server 2008 r2 and DFL to windows 2003, active directory recycle bin won't be available to the domain whose FL is windows 2003. Is that right?

    > My perspective is if we set FFL to windows server 2008 r2 and DFL to windows 2003, active directory recycle bin won't be available to the domain whose FL is windows 2003. Is that right?
    Greetings!
    Active Directory Recycle Bin needs to be implemented in a forest with 2008 R2 forest functional level. Because it was added in 2008 R2 operating system. In order to have a 2008 R2 forest functional level you need to raise all the child domains DFL's first.
    Regards.
    Mahdi Tehrani | www.mahditehrani.ir
    This posting is provided AS-IS with no warranties, and confers no rights.
