Windows 2008 R2 domain controllers with Windows 2003 forest functional level Supported after Windows 2003 support ends in July 2015

Similar Messages

• Existing 2003 forest functional level -- 2012 forest functional level in production environment?

  Hello experts!  
  A quick question if it can be one:
  Is it possible to raise a forest functional level from 2003 to 2012 in a production environment (only 2003 DCs with existing roles to only 2012 DCs)?  If so, is there a standard implementation of the upgrade process
  (migration of roles, migration tools, etc.)?
  many thanks!
  David

  hi,
  Thanks for posting. 
  Sorry i don't know if i am understanding your question. Are you talking about upgrading your DC's in your current forest to 2012 then raising the functional level? 
  If so, first of all you can only raise the forest and domain functional levels when all DC's in the forest and domain are at 2012 or higher. 
  To get your domain unto 2012 DC's there are a couple of paths you can adopt, but generally the simplest is:
  1. Introduce your first 2012 / 2012 R2 DC into your existing domain, this will extend the schema with the additional attributes that are required to 2012 - this is an automatic process during promotion of your first 2012 DC.
  2. Go through and start replacing your existing domain controllers. You don't normally do an inlace upgrade, the preferred method would be to use different hardware, built up the new DC to replace your existing one, then demote the existing one - keep going
  through this process until all your DC's are 2012.
  NB: which ever DC(s) currently holds the FSMO roles you will need to transfer these to one of your new 2012 DC's before you decommission that one. 
  if i've got what you were asking wrong, please let me know, otherwise hopefully this helps.
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  Blog: http://www.windows-support.co.uk 
  Twitter:   LinkedIn:

• How to Reset Windows 2008/R2 Domain Administrator Password

  How to Reset Windows Server 2008/R2 Domain Administrator password if forgot or lost it?
  It is annoying and bad to forget a Windows Server 2008/r2 Domain administrator login password. It is troublesome unless you have that Windows Server 2008/r2 password reset disk. We can still find several tricks to reset Windows Server Domain password but they require a mass of operations and waste a lot of time. For example, you can reset Windows Server 2008/R2 domain administrator password with an installation disk but it requires you to type a mass of command line. So today I want to share everyone an omnipotent method to reset Windows Server 2008/R2 Domain/local administrator password. You need the following 3 things.
  An accessible PC.
  A USB/CD/DVD flash drive.
  The Windows password reset tool Daossoft Windows Password Rescuer.
  Then it requires 4 steps as below:
  Step 1: Download and install Daossoft Windows Password Rescuer into that accessible computer.
  Step 2: Burn it to the flash drive.
  Step 3: Boot your Windows Server computer from the flash drive.
  Step 4: Follow its instruction and click “Reset Password” button to reset your Windows 2008/R2 Domain/Local administrator password.
  More details in this video: Windows Server 2008 R2 Password Reset - Reset Domain or Local Password.

  It wasn't difficult to reset the domain password and I think Microsoft's policy of not providing an easy forward way is to create an
  illusion of security which is not there. Linux systems that are much more secure that MSFT software allow easy password reset when physical access is there so why not include the same tools in System Repair tools or using F8?
  Anyhow, this guide helped me reset the password in 5 minutes. Read the bottom of it to find the scripted / automatic version of the process:
  http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
  Thanks,

• Things to be considered before AD - domain and forest functional level upgrade (win 2003 to 2008 R2)

  Hi
  Recently we introduced Windows 2008 R2 DCs and decommissioned old Windows 2003 domain controllers. Since we are not sure about the application compatibility (both MS and 3rd party) many times we postponed the plan to upgrade the DFL and FFLs. We found Jonathan's
  blog (http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx),
  whcih clearly says the upgrade won't affect any applications. But just to confirm this with the experts we are posting this concern once again. We have Exchange 2010 / Shrepoint / SQL / SAP etc..(also 2 X windows 2000 servers)
  Please let us know from your real experiance - in production environment how a upgrade from 2003 to 2008 R2 (belive we can able to upgarde both FFL and DFLs from Win 2003 to Win 2008 R2) affects existing applications.
  Thanks in advance
  LMS

  I might be able to help with Exchange. What service pack?
  Most likely, there should be no problem. The Exchange compability matrix shows that (with SP2 and SP3) it is compatible with Windows 2008 R2 domain controllers and 2008 R2 domain and forest functional levels.
  I'm *working on* an Exchange 2010 migration but if you want someone who *has* such a combination (2008 R2 DFL/FFL and Exchange 2010), you could ask in the Exchange forum.
  I'm sure, though, that such a combination is actually quite common.
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• Which domain and forest functional level is supportted for the "Active Directory Resource Pool Synchronization"?

  Hi all,
  I'd like to confirm which Domain/Forest functional levels of Active Directory is supported for "Active Directory Resource Pool Synchronization" in Project Server 2013.
  I guess that 2003 or later is supported, but my customer required reliable sources.
  I googled and searched article at TechNet, but I couldn't find.
  Could anyone inform me the article about that?
  Thank you in advance.
  Kaori.

  Hi Michael and all,
  Anyway I solved this issue.
  I couldn't find article that I desired, so I asked advice to my colleagues and they told that the functional level 2003 or later are supported in their experience.
  In addition, I found these articles about SharePoint sync limitations.
  Members of the domain local group cannot view a Microsoft Office SharePoint Server 2007 Web site
  http://support.microsoft.com/kb/932378/en-us
  SharePoint supportability of Read only Domain controllers
  http://support.microsoft.com/kb/970612

• Add Windows Server 2012 R2 domain controller to Windows 2008 R2 domain

  Hi,
  Have today 2 x Windows Server 2008 R2 domain controllers, and domain and functional level 2008 R2.
  We now want to replace these DC`s with Windows Server 2012 R2.
  My plan is as follow
  - Install and promote a Windows Server 2012 R2 as a 3 DC`s with a temporary hostname and IP as DC3
  - Install and promote a second Windows Server 2012 R2 as a 4 DC`s with a temporary hostname and IP as DC4
  - Decomiss DC1 and remove this host. Change the IP and hostname of the new DC3 to DC1
  - Move FSMO roles from DC2 to DC1 and decomiss DC2
  - Change the IP and hostname of the new DC4 to DC2
  Will this be a ok progress ? I will offcours to have the DC`s replicate information between them before doing each task.
  /Regards Andreas

  Hi,
  Only error i got running dcdiag was the following
   Starting test: NCSecDesc
      Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
         Replicating Directory Changes In Filtered Set
      access rights for the naming context:
      DC=ForestDnsZones,DC=domain,DC=local
      Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
         Replicating Directory Changes In Filtered Set
      access rights for the naming context:
      DC=DomainDnsZones,DC=domain,DC=local
      ......................... DC1 failed test NCSecDesc
  Is this a problem ?
  I would guess not since im not implementing a RODC ? Ref:
  https://support.microsoft.com/en-us/kb/967482?wa=wsignin1.0
  You can ignore it.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• 10g Express Edition on Windows 2008 Enterprise R2 x64 with Active Directory

  I have successfully installed the 10g Express Edition on Windows 2008 Ent. r2 x64 with Microsoft Active Directory Domain Controller but i could not be able to run http://127.0.0.1:8080/apex
  Although i have run the http://127.0.0.1:8080/apex on my another Windows 2008 R2 x64 ant WITHOUT Active Directory Domain Controller Role.
  i think its related with AD Domain server role of my server, because i run that on same config and operation without Active Directory Domain Controller role.
  Can anyone help about this issue?
  thanks in advance

  I have experienced the same problem - running 10g Express on a Win 2008 (32-bit). When not being a Domain controller, the install was fine. When installing after the server had been given the Domain Controller role (+the required DNS), it failed. NO FIREWALLS are involved on the server. Seems like Oracle Express has problems being installed in this kind of environment - independent of x32 or x64 bit OS.
  Edited by: 811504 on Nov 17, 2010 11:44 PM

• Windows 2008 R2 backup fails with event 521 error code 2155348001

  Windows Server 2008 R2 SP1.  Hyper-V role installed. 
  OS on drive C.  All VMs stored on Drive D.
  I am attempting to run a Bare Metal backup of the host system to a network share. 
  Drive D is not included in the backup job.  I am getting the following error:
  Log Name:      Application
  Source:        Microsoft-Windows-Backup
  Date:          1/10/2014 11:28:52 PM
  Event ID:      521
  Task Category: None
  Level:         Error
  Keywords:     
  User:          SYSTEM
  Computer:      SHAQTUS.scdl.local
  Description:
  The backup operation that started at '‎2014‎-‎01‎-‎11T04:08:50.683000000Z' has failed because the Volume Shadow Copy Service operation to create a shadow copy of the volumes being backed up failed with following error code '2155348001'. Please review the event
  details for a solution, and then rerun the backup operation once the issue is resolved.
  Reviewing event details, as suggested, does not offer any solution.
  I have tried the suggested solutions in other similar threads of increasing the timeout value with the registry entry. 
  This does not work.
  I have not tried reregistering the VSS writers manually, as the only links I have found are for server 2003/2008 (not R2) and explicitly state that they won’t work on higher versions of the OS, since they now utilize manifests and the manual procedure could
  cause problems for those servers. Haven't found similar procedures for 2008 R2.
  I have been able to narrow this down a bit.
  A Windows 2008 R2 SP1 server with Hyper-V installed – backup to a network share is successful;
  Install the DPM 2012 agent – same backup fails with the 2155348001 error.
  We use DPM 2012 to backup VMs, but DPM cannot perform a bare metal backup/restore of server and the 2012 version no longer has the DPMSRT feature. 
  I prefer to run Bare Metal Backup to a file server share.
  Stuck on this one.
  Rick

  Hi, 
  The issue is related to DPM, I would suggest you ask for help from DPM forums:
  http://social.technet.microsoft.com/Forums/en-US/home?forum=dataprotectionmanager
  Regards, 
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Windows 2008 R2 Domain Controller (PDC) - NTP server - time showing local CMOS clock

  I'm having issues setting an external source on a Windows 2008 R2 domain controller (PDC emulator role for the domain)
  Here is the output showing its source is the Local CMOS clock.
  C:\Windows\System32>w32tm /query /status
  Leap Indicator: 0(no warning)
  Stratum: 1 (primary reference - syncd by radio clock)
  Precision: -6 (15.625ms per tick)
  Root Delay: 0.0000000s
  Root Dispersion: 10.0000000s
  ReferenceId: 0x4C4F434C (source name:  "LOCL")
  Last Successful Sync Time: 06/11/2014 15:44:15
  Source: Local CMOS Clock
  Poll Interval: 6 (64s)
  1) I have performed the following on the DC with the PDC role:
  net stop w32time
  w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org"
  w32tm /config /reliable:yes
  net start w32time
  w32tm /query /configuration 
  [Configuration]
  EventLogFlags: 2 (Local)
  AnnounceFlags: 5 (Local)
  TimeJumpAuditOffset: 28800 (Local)
  MinPollInterval: 6 (Local)
  MaxPollInterval: 10 (Local)
  MaxNegPhaseCorrection: 172800 (Local)
  MaxPosPhaseCorrection: 172800 (Local)
  MaxAllowedPhaseOffset: 300 (Local)
  FrequencyCorrectRate: 4 (Local)
  PollAdjustFactor: 5 (Local)
  LargePhaseOffset: 50000000 (Local)
  SpikeWatchPeriod: 900 (Local)
  LocalClockDispersion: 10 (Local)
  HoldPeriod: 5 (Local)
  PhaseCorrectRate: 7 (Local)
  UpdateInterval: 100 (Local)
  [TimeProviders]
  NtpClient (Local)
  DllName: C:\Windows\System32\w32time.DLL (Local)
  Enabled: 1 (Local)
  InputProvider: 1 (Local)
  AllowNonstandardModeCombinations: 1 (Local)
  ResolvePeerBackoffMinutes: 15 (Local)
  ResolvePeerBackoffMaxTimes: 7 (Local)
  CompatibilityFlags: 2147483648 (Local)
  EventLogFlags: 1 (Local)
  LargeSampleSkew: 3 (Local)
  SpecialPollInterval: 3600 (Local)
  Type: NTP (Local)
  NtpServer: 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org (Local)
  NtpServer (Local)
  DllName: C:\Windows\System32\w32time.DLL (Local)
  Enabled: 1 (Local)
  InputProvider: 0 (Local)
  AllowNonstandardModeCombinations: 1 (Local)
  VMICTimeProvider (Local)
  DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
  Enabled: 1 (Local)
  InputProvider: 1 (Local)
  But still showing the output:
  C:\Windows\System32>w32tm /query /status
  Leap Indicator: 0(no warning)
  Stratum: 1 (primary reference - syncd by radio clock)
  Precision: -6 (15.625ms per tick)
  Root Delay: 0.0000000s
  Root Dispersion: 10.0000000s
  ReferenceId: 0x4C4F434C (source name:  "LOCL")
  Last Successful Sync Time: 06/11/2014 15:58:45
  Source: Local CMOS Clock
  Poll Interval: 6 (64s)
  2. If I resync and rediscover the following error appears: 
  w32tm /resync /rediscover 
  Sending resync command to local computer
  The computer did not resync because no time data was available.
  3. I've also clearing the current time config, by
  net stop w32time
  w32tm /unregister
  w32tm /register
  net start w32time
  But no change, it still shows the Local CMOS clock. 
  4. This event is showing 
  Log Name:      System
  Source:        Microsoft-Windows-Time-Service
  Date:          06/11/2014 15:43:30
  Event ID:      12
  Task Category: None
  Level:         Warning
  Keywords:      
  User:          LOCAL SERVICE
  Computer:      domaincontroller1
  Description:
  Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source.
  It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy.
  If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-Time-Service" Guid="{06EDCFEB-0FD0-4E53-ACCA-A6F8BBF81BCB}" />
      <EventID>12</EventID>
      <Version>0</Version>
      <Level>3</Level>
      <Task>0</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8000000000000000</Keywords>
      <TimeCreated SystemTime="2014-11-06T15:43:30.465619200Z" />
      <EventRecordID>77295</EventRecordID>
      <Correlation />
      <Execution ProcessID="256" ThreadID="2056" />
      <Channel>System</Channel>
      <Computer>domaincontroller1</Computer>
      <Security UserID="SID" />
    </System>
    <EventData Name="TMP_EVENT_DOMAIN_HIERARCHY_ROOT">
    </EventData>
  </Event>
  5. If I perform the below it appears DC2 is having problems but I'm not sure if related. 
  C:\w32tm /monitor
  DC1.domain.local *** PDC ***[192.168.1.1:123]:
      ICMP: 0ms delay
      NTP: +0.0000000s offset from DC1.domain.local
          RefID: 'LOCL' [0x4C434F4C]
          Stratum: 1
  DC2.domain.local[192.168.1.2:123]:
      ICMP: 0ms delay
      NTP: -110.4925481s offset from DC1.domain.local
          RefID: (unspecified / unsynchronized) [0x00000000]
          Stratum: 0
  DC3.domain.local[192.168.2.1:123]:
      ICMP: 0ms delay
      NTP: -0.0256084s offset from DC1.domain.local
          RefID: DC1.domain.local [192.168.1.1]
          Stratum: 2
  DC4.domain.local[192.168.2.4:123]:
      ICMP: 0ms delay
      NTP: -0.0011524s offset from DC1.domain.local
          RefID: 80.84.77.86.rev.sfr.net [86.77.84.80]
          Stratum: 2
  Warning:
  Reverse name resolution is best effort. It may not be
  correct since RefID field in time packets differs across
  NTP implementations and may not be using IP addresses.
  Any help would be much appreciated. Thanks. 
  Craig Brand

  I suspected some issue with AV so uninstalled. 
  To resolve the Access Denied I followed these steps: 
  stop w32time
  w32tm /unregister
  reboot
  regsvr32 /u w32time.dll
  w32tm /register
  sc query w32time -- you should see that the service is set to
  shared mode -- this is presumably how it should be -- if you try to start right now, you'll get the expected 1290 SID-related error
  reboot
  w32time should now automatically start at boot up and be running -- that was my result -- it's running as shared, started on its own, and I can do the w32tm /query commands successfully
  After rebooting the time service started. 
  I then repeated the steps: 
  net stop w32time
  w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org"
  w32tm /config /reliable:yes
  net start w32time
  w32tm /query /configuration 
  And all worked. I'll wait a short while to see if this fixes the issue. I also have am SA case with MS so will confirm fix when resolved. 
  Craig Brand

• Problems with RH 8 and Windows 2008 64-bit servers with IIS7?

  I have been informed that my company's servers are being upgraded to Windows 2008 64-bit servers with IIS7, from Windows 2003 & IIS6. Probably will be online in April 2011.
  I have a project created using WebHelp, RoboHelp HTML v5. I have RoboHelp HTML v8 (haven't had a chance to use it yet). We are currently using IE7 on XP. Does anyone have any info on issues with RoboHelp v8 WebHelp projects running on Windows 2008 64-bit servers & IIS7 that I need to be concerned about? I thought I should convert the project developed using RH 5 to and RH 8 project, then FTP it to the new server when it becomes available.
  Any helpful info would be much appreciated.
  Thanks,
  Alden

  Acrobat 8 is not certified for Win7, particularly the x64 version. If you got the installation to go, the first step is to update AA8 to at least AA8.2. The x64 with XP required at least AA8.2 and I suspect that has not changed. I would suggest updating to the latest, either from the help menu (until no more updates are available) or by downloading the updates from the adobe.com>downloads page. For the latter, download ALL updates after your current version and install them in ORDER. They are not cummulative in most cases. You only need to reboot after the final update. The updates may get you going. If not, you may simply have to upgrade to AA9 or search for what others have been able to do in your situation.

• Remote Access to Windows 2008 R2 Server configured with local IP

  Hello,
  I have a Windows 2008 R2 Server configured with local IP (e.g. 192.168.1.115).
  Please how can I access it remotely outside its local domain through (remote desktop connection).
  Thank you.
  Tony.

  Hi Tony,
  Based on your description, you would like to connect to the Windows 2008 R2 server via remote desktop connection.
  So you need to enable remote desktop on the Windows 2008 R2 server if it is not already.
  1.Install and configure the Remote Desktop Session Host role service in the Windows 2008 R2 server.
  2.Add related user to the Remote Desktop Users group in the Windows 2008 R2 server.
  3.Configure remote desktop connection in the Client.                   
  Also, due to you would like to access it remotely outside the domain, so you will need a VPN connection or a port forward to connect through.
  For more details, please refer to the guide below,
  Installing and Configuring Remote Desktop Session Host
  http://technet.microsoft.com/en-us/library/dd883253.aspx
  Allow Remote Desktop connections from outside your home network
  http://windows.microsoft.com/en-IN/windows7/allow-remote-desktop-connections-from-outside-your-home-network
  Best Regards,
  Tina

• How to reset Windows 2008 R2 Domain Controller "Administrator" password?

  Hello Everyone,
  I have lost Administrator password for the following system:
  Windows 2008 R2
  Domain Controller setup on same machine
  Stand alone server - no workstations or other servers invovled
  I still have the "Directory Service Restore Password" but I don't think that helps me for lost Administrator password. I beleive I need to boot from an .iso file to gain access. I already tried "Offline NT Password & Registery Editor" and it has set
  Administrator password to (blank) but that is not allowing me access as it seems that I have to login to domain controller Administrator. So, how can I reset that password?
  Thanks

  It wasn't difficult to reset the domain password and I think Microsoft's policy of not providing an easy forward way is to create an
  illusion of security which is not there. Linux systems that are much more secure that MSFT software allow easy password reset when physical access is there so why not include the same tools in System Repair tools or using F8?
  Anyhow, this guide helped me reset the password in 5 minutes. Read the bottom of it to find the scripted / automatic version of the process:
  http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
  Thanks,

• Windows 8.1 Clients cant register record in DNS in forest functional level 2008 environment (DNS Client Events 8018)

  Hello,
  I have two DC,:
  first Windows Server 2008, second Windows Server 2012 R2,
  AD works in forest functional level 2008
  Workstations working in Windows 8.1 OS cant register to DNS with warning:
  The system failed to register host (A or AAAA) resource records (RRs) for network adapter
  with settings:
             Adapter Name : ...................................................
             Host Name : ...................................
             Primary Domain Suffix : ....................................
             DNS server list :
             Sent update to server : <?>
             IP Address(es) :
  The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for
  this name does not support the DNS dynamic update protocol.
  To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

  Hi,
  Functional levels determine the available Active Directory Domain Services (AD DS) domain or forest capabilities. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. However, functional levels
  do not affect which operating systems you can run on workstations and member servers that are joined to the domain or forest. Set the domain and forest functional levels to the highest value that the environment can support, in order to use as many AD DS features
  as possible.
  You may reference SenneVL’s suggestion, and use ipconfig /registerdns
  on the workstation to confirm that if the DNS record can be registered.
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher.

  Dear Support Team,
  i am having the error ''The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher'' from lync 2013 during the schema master prepare on windows server 2008r2 and my forest functional
  level are 2008r2.. so can you help me please...?

  Dear Support Team,
  in my network there are one forest and two domain controller (primary and secondary).. my domain functional
  level is windows server 2008r2.. but i am still receiving error.. when i hit the run button for schema prepare its says:
  ServerSchemaPrepareTask execution failed on an unrecoverable error.
  and when i open log it sasys: 
  Error: The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher.
  kindly help me

• Replace win2008r2 domain controllers with win2012r2

  My environment: Single win2008 r2 forest w/3 win2008r2 domains
   I need to replace the 2 root domain controllers (that also run DNS & WINS) with new hardware and was considering installing them as Win2012R2. 
  I have no plans to upgrade the DC’s in the 2 Win2008r2 child domains.
  Since there will be schema changes, are there any concerns with having the root DC’s be win2012R2 and the child domains win2008r2?
  Thanks

  Thanks for both answers. 
  My main concern are the oddball 3rd party apps, some of which still run on win2003 servers.  Even if the vendor/developer confirm their apps are compatible with win2012 domain controllers, my internal programmers are still nervous.  It took me
  months to convince them it was ok to upgrade the domain & forest functional levels to win2008r2.
  Again Thanks