Upgrading Forest and Domain Functional level

Similar Messages

• Exchange Server 2003 SP2 - Forest and Domain Functional Level Limitations

  Hi All
  Bit of a legacy question and theres not much clarity out there..
  I need to confirm the highest DFL and FFL Supported by Microsoft for Exchange 2003 SP2?
  We currently have a mix of 2003 R2 and 2008 R2 domain controllers with the FFL and DFL currently set at 2003 R2.
  The plan is to move to Exchange 2010 in the very near future, so the question is do we need to wait until we upgrade to Exchange 2010 Before upgrading the DFL and FFL to 2008 R2?
  From what Ive read we will need to complete the Exchange upgrade first before moving forward with the functional level upgrades..
  Thanks in advance
  Bull

  Hi Bull,
  As Ed mentioned, Exchange server 2003 and Exchange 2010 support Windows Server 2003 domain functional level and Windows Server 2003 forest functional level, also supported in higher environment.
  More details about it, please refer to “Supported Active Directory environment” section:
  http://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx
  Note that we cannot add new DCs which are the less version of Windows Server
  cannot be added to the domain or forest. More details about
  the Impact of Upgrading the Domain or Forest Functional Level, for your reference:
  http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
  Best Regards,
  Allen Wang

• Forest and domain functional level Windows Server 2012 R2 - what's new?

  Hi, I still can't find documentation about the new domain and forest functional levels in WS 2012 R2.
  a) "What's New in Active Directory in Windows Server 2012 R2"
  http://technet.microsoft.com/en-us/library/dn268294.aspx
  No word about it.
  b) "Understanding Domain and Forest Functional Levels"
  http://technet.microsoft.com/en-us/library/cc771294.aspx
  Still WS 2012.
  Thorsten

  For what's New in Active Directory in windows server 2012 R2,
  Read the following Blog
  http://policelli.com/blog/archive/2013/06/27/whats-new-in-active-directory-in-windows-server-2012-r2-preview/
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer".

• Logon failure after upgrade Windows 2003 domain functional level and schema

  Before upgrade:
  Windows 2003 Std server: Domain functional level 2000, Schema verion 30
  Crystal Report XI R2: Authentication: Windows AD
  Logon OK.
  After Upgrade:
  Windows 2003 Std + Windows 2008: Domain functional level 2003, Schema verion 44
  Crystal Report XI R2: Authentication: Windows AD
  Logon Error: An error has occurred: java.lan.NullPointerException
  Is it a Tomcat problem?  OR Java runtime problem?  OR XI R2 problem?
  Anyone can help to fix it!?  Thanks!!

  OK, I try again in the testing lab and simplify the combination.  We only consider Windows 2003 ONLY.
  Before AD upgrade:
  AD/Domain Controller: Windows 2003 Std server: Domain functional level 2000, Schema verion 30
  Crystal Report XI R2: run on Windows 2003 memeber server
  Operating OS: Windows XP/Vista/7: Authentication: Windows AD
  Logon OK.
  Upgrade cmbination 1
  Step 1:
  Upgrade Domain controller: Windows 2003 to Windows 2003 R2 (Domain functional level 2000, Schema verion 31 )
  Crystal Report XI R2: run on Windows 2003 memeber server
  Operating OS: Windows XP/Vista/7: Authentication: Windows AD
  Logon OK.
  Step 2:
  Upgrade Domain Functional Level: Windows 2003 R2 (Domain functional level 2003, Schema verion 31)
  Crystal Report XI R2: run on Windows 2003 memeber server
  Operating OS: Windows XP/Vista/7: Authentication: Windows AD
  Logon Fail
  Logon Error: An error has occurred: java.lan.NullPointerException
  Upgrade combination 2
  Direct upgrade Domain Functional Level: Windows 2003 (Domain functional level 2003, Schema verion 30)
  Crystal Report XI R2: run on Windows 2003 memeber server
  Operating OS: Windows XP/Vista/7: Authentication: Windows AD
  Logon Fail
  Logon Error: An error has occurred: java.lan.NullPointerException
  In this testing, we can conclude that the Domain Functional Level upgrade from 2000 to 2003. The MI logon will fail.
  Q1. Crystal Report XI R2 cannot run on Windows 2003 server (Domain Functional Level: 2003)?
  Q2. If Crystal Report XI R2 can run on Domain Functional Leve: 2003, how to fix our problem?
  Do you have any idea to help us?  Thanks!
  Edited by: Initiator on Jul 20, 2010 6:22 AM

• Lync 2013 and Raising Forest/Domain Functional Level?

  My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
  Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.) We are running Lync 2013 Standard with all the latest updates.
  Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

  Hi,
  Yes, you can raise Forest and domain function level to Windows Server 2012 R2 without issue.
  After raising Forest\domain function level, the new features that rely on the functional level are generally limited to AD itself. Regardless, changing the Domain or Forest Functional Level should have no impact on an application that depends on
  Active Directory.
  More details:
  http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Domain Functional Level: 2008 R2 to 2012 R2

  My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
  Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.)
  Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

  you can easily upgrade the funtional level without any issues since you have all the Domain Controllers on Win server 2008R2.
  http://support2.microsoft.com/kb/2869728/en-us
  For more details : Listed below link has the table which shows the effects of upgrading the domain functional levels to Windows 2012
  http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels
  pankaj(MCT)

• AD FS Across Differing Domain Functional Levels

  My customer needs to implement AD FS for single sign on due to a cloud based email solution they recently implemented. The problem is, their domain controllers are Server 2003 (non-R2) at a functional level of 2003 mixed mode. They should be able to raise
  to 2003 native if necessary however. Their solution is to create a new 2008 domain and implement a two-way trust, running AD FS in the new domain serving the clients in the 2003 domain.  This way should be quicker than upgrading their current domain
  which would be a rather large project due to their size and complexity. 
  Are there any gotcha's I should know about with doing it this way?  I have verified that we can create the two-way trust between domains of these functional levels, and AD FS can service clients in a trusted domain, but I am not entirely sure if AD
  FS will care that the trusted domain is 2003 non-R2.  Can anyone confirm if this will be a feasible scenario? 
  Thanks very much!!
  Wraith

  Hi
  Wraith,
  In addition, if you are not using Windows Server 2012 or above as ADFS server, you will be fine with Windows 2003 mixed mode.
  “Since ADFS does not require Active Directory functional-level modifications to operate successfully. However, if you are using Windows NT token–based applications and
  you want a token to be generated using Kerberos Service-for-User (S4U), the domain functional level must be Windows 2000 native or Windows Server 2003”, quoted form below article:
  Appendix A: Reviewing ADFS Requirements
  http://technet.microsoft.com/en-us/library/cc778681(v=WS.10).aspx
  More information for you:
  ADFS and Domain Functional Level
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/5cc0e898-eae2-46ce-8491-5ccf61380423/adfs-and-domain-functional-level?forum=winserverDS
  ADFS requirements
  http://technet.microsoft.com/en-us/library/cc727972(v=WS.10).aspx
  Best Regards,
  Amy

• Cannot Replicate after upgrading domain functional level

  Hello, 
  Parent and child domain. Parent domain (forest) still in domain functional level 2003. However, child domain i just updated to domain functional level 2008 R2. Now replication is not working. I believe the issue is dns, but i do not know what could be different
  the names have not changed? This is a two way transitive trust between domains.
  Frequent messages from dcdiag dns, are 
  no DNS RPC connectivity (although i have tried restarting dcom, netbios and frs)
  Also in event viewer many 13508 errors
  Any help is greatly appreciated thank you.

  Have you restarted the DCs after that you raised the functional level? The password of the krbtgt account is reset when the DFL is raised from 2003 -> and sometimes the DCs need to be restarted for the authentication to succeed up to the root.
  If you from a Windows Server 2008 R2 DC run dcdiag /test:dns /E dose it report any errors?
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog

• Lingering 2003 DC causing Domain Functional Level Upgrade fail

  Got that one too :(
  I can't find hide nor hair of this darn beast anywhere

  Have a DEAD 2003 DC - check
  Have removed it from AD via GUI (ADUC) deletion - Check
  Cleaned up DNS - Check and double check
  Review LostandFound container in ADSI edit - Check - No objects present
  Right click Domain Name in ADUC, select Raise Domain Functional level - F A I L
  Run through NTDSUTIL Metadata cleanup steps (MS technet article) - The server object isn't there
  What am I missing here? I've gone back over DNS, searched for the computer object, rechecked ADSI LostandFound, rechecked NTDSUTIL .. I'm at a hard loss to figure out what's stopped the Functional Level upgrade.
  Any ideas?
  This topic first appeared in the Spiceworks Community

• Why domain functional level should be greater than or equal to forest FL?

  We know that domain functional level must be greater than or equal to forest functional level. Why is that so?
  My perspective is if we set FFL to windows server 2008 r2 and DFL to windows 2003, active directory recycle bin won't be available to the domain whose FL is windows 2003. Is that right?

  My perspective is if we set FFL to windows server 2008 r2 and DFL to windows 2003, active directory recycle bin won't be available to the domain whose FL is windows 2003. Is that right?
  Greetings!
  Active Directory Recycle Bin needs to be implemented in a forest with 2008 R2 forest functional level. Because it was added in 2008 R2 operating system. In order to have a 2008 R2 forest functional level you need to raise all the child domains DFL's first.
  Regards.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• Domain functional level upgraded to 2008 r2 native mode but query states 2003

  Nothing :(

  I raised the domain functional level last night to 2008 r2 native mode and after allowing everything to sync i ran the command get-addomain .domainmode and it came back ast windows2003forest. 
  I dont understand why it is showing up this way, we removed all of the 2003 domain controllers and server from our network before doing this...Any suggestions?
  This topic first appeared in the Spiceworks Community

• Looking for a Microsoft products compatibility matix and AD functional levels.

  I need to upgrade the AD Forest Functional level from Windows 2003 to Windows 2008 R2. A products compatibility matrix would be a big help.
  Both domain controllers are Windows 2008 R2.
  Forest Functional Level - Windows 3003.
  Domain Functional Level - Windows 2008 R2
  We have an old SharePoint Services 2.0 server and I need to know if changing the Forest Level will break the SharePoint site.
  Additionally, we have MSSQL 2005 and 2008.
  Any help is greatly appreciated.
  Dave 

  Hello,
  for Sharepoint please see
  http://social.msdn.microsoft.com/Forums/office/en-US/f8933979-f993-4325-b931-31be023df1d5/is-sharepoint-portal-server-2003-supported-with-active-directory-domain-services-2012?forum=sharepointadminlegacy and if that doesn't help please ask in the same forum.
  This is more about Sharepoint then AD.
  MS SQL is not related with FFL/DFL. To be sure ask the SQL server guys in
  http://social.technet.microsoft.com/Forums/sqlserver/en-us/home?category=sqlserver
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• Raising Domain Functional level

  We have 75 domain Controllers in our Org and current Domain Functional level is 2003. We have a mix setup where all versions of OS are available starting from 2003. A large no of applications are also integrated with our current Active Directory.
  My concern is, If I raise my Domain Functional level to 2008 then what are the consequences we might face in terms of accessing legacy applications.
  Please let me know the checklist which we need to follow and incase of any failure then what will be the rollback procedure.
  Looking forward for your valuable inputs. 

  Hi, 
  I agree with others. Once the Functional Level has been upgraded, new
  servers running on lower versions cannot be added
  as Domain Controllers to the domain or forest. If all the DCs in the domain is server 2008 and later version, we can raise the function level of the domain to get more advanced features.
  > If I raise my Domain Functional level to 2008 then what are the consequences we might face in terms of accessing legacy applications.
  For this question, make sure that the applications in the domain are compatible with the new functional level
  For detailed information about how to raise function level, we can refer to the following link:
  Raising the Functional Levels
  http://technet.microsoft.com/en-us/library/cc771949(v=WS.10).aspx
  Best Regards,
  Erin

• Error Domain functional level

  Hi i have that error in my Domain Controller. Install Windows
  Server 2012 R2, and I want to raise the functional level.
  This Domain Controller no longer exists,
  but is within the domain.
  To update the domain functional level, the Active Directory Domain Controllers in the domain must be running the appropriate version of windows.
  domain Name
  xxxxxx.local
  Current domain functional level
  Windows Server 2008
  The following Active Directory Domain Controllers are running earlier versions of windows:
  domain Name    AD DC    Version of Windows
  xxxxxxx.local    server.xxxxxx.local    Windows Server® 2008 Standard 6.0 (6001)
  that I can
  do?

  it might be in the "LostAndFoundConfig" container in the Configuration partition.
  Something like this should be logged:
  Event Type: Warning
  Event Source: NTDS General
  Event Category: Directory Access
  Event ID: 1723
  Date: 6/4/2005
  Time: 7:39:52 AM
  User: NTDEV\A1ADCH
  Computer: NTDEV-DC-07
  Description:
  Active Directory failed to raise the functional level of the domain or forest
  because the following domain controller is at a lower functional level.
  Object (forest or domain):
  DC=ntdev,dc=corp,DC=microsoft,DC=com
  NTDS Settings object of domain controller:
  CN=NTDS Settings,CN=LostAndFoundConfig,CN=Configuration,DC=ntdev,DC=corp,DC=com
  For more information, see Help and Support Center at
  http://go.microsoft.com/fwlink/events.asp.
  Delete the 'NTDSA' object from the "LostAndFoundConfig" container using ADSIEdit.
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog

• CRM2015: AD Domain Functional Levels Ambiguity - Clarification Sought

  In the Planning and Deployment guide (page 17) It states.
  The domain where the server is located must be running in one of the following Active Directory domain functional levels:
  Windows Server 2008 Modes
  Windows Server 2008 R2 Modes
  Windows Server 2012 Modes
  For more information about Active Directory domain and forest modes, see:
  Understanding Active Directory Domain Services (AD DS) Functional Levels
  Active Directory (Windows Server 2012 R2)
  Windows 2000 Server forest and domain modes are not supported with this version of Microsoft Dynamics CRM.
  When it states Windows Server 2008 Modes, does it mean only 2008 modes, or the modes supported by 2008. As I believe one of the 2008 Modes is 2003 Native and Interim.
  Can anybody confirm if AD controllers must be 2008 or higher to support CRM?