Cannot raise forest functional level
We currently have a total of 1 DC in our organization running windows 2003 server. Originally we had 2 controllers both running 2000 server. After running adprep I demoted one of the servers and installed a fresh install of 2003 server. I brought the new server back up and promoted it to a DC, copying over the domain information from the original server still running 2000. Everything to this point was working great. I then set the new server as a GC and transfered all FSMO roles over to it. After that point I demoted the 2000 server. I checked across the company to make sure logins and share access were still working correctly and they were. After confirming that I went onto to raise the functional level of the domain. It originally was running 2000 mixed. I raise it to 2003 server without a problem. I then decided to raise the forest functional level to 2003 server. Here is when things go south. I went into Programs->Admin Tools->Domain->Active Directory Domains and Trusts. I right clicked active directory domains and trusts and selected raise forest functional level. Well nothing happens, in fact the domains and trust window closes. I try it again, but the same things happens. Looking into it further, I right clicked the domain and went down to properties. Inside it states the domain functional level and the forest functional level. Well the domain level shows 2003 server, but the forest level field is blank or empty. If I right click on the domains and trusts icon within domains and trusts and click on "Operations Master" the window appears stating that "Domain naming operations master: ERROR". I hope some of this info helps. I desperately need to get this fixed so I can add upgrade the orginal server to 2003 and add it into the domain. Because of this I am making this question worth 1000 points. Good Luck.
Do you have any servers in your domain that are not Windows 2003?
ASKER
No.
ASKER
If that was the case I wouldn't have been able to change my domain functional level to 2003 server.
This is truly and odd problem, If there is only one DC and I presume 1 domain (Have you changed the name of the domains in anyway from the old 2000 Domain) and the domain functional level is W2K3.
What I don't understand is why do you need to upgrade the forest functional level to W2K3 to add the other server. Adding another server is not dependant on the Forest functional level but the domain functional level unless the newly upgraded server was going to be the first DC in a new domain within the forest. The domain functional level is 2003 so demote the original 2000 server to a member server(which you've done already I gather) now upgrade the OS to 2003 and add it as a Domain controller to the AD and seize the operations master role from the server reporting the error. This might get your operations master up and running fine.
Let me know what you think
What I don't understand is why do you need to upgrade the forest functional level to W2K3 to add the other server. Adding another server is not dependant on the Forest functional level but the domain functional level unless the newly upgraded server was going to be the first DC in a new domain within the forest. The domain functional level is 2003 so demote the original 2000 server to a member server(which you've done already I gather) now upgrade the OS to 2003 and add it as a Domain controller to the AD and seize the operations master role from the server reporting the error. This might get your operations master up and running fine.
Let me know what you think
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The thing that is frustrating is that I transfered all the roles before donig any of this and all said they transfered successfully. The reason for doing the forest functional level raise is because there are some features like old user/computer account detection that would be very useful. I will be running into work this afternoon and trying out the recommendations you have made above. Tell me one thing, I have been wanting to make a move over to a different forest name space anyway for some time. Basically we have the same external namespace as we do internal and Microsoft says this is a very bad thing to do. What if I made a spare computer a completely new domain in a new forest. The biggest thing I don't want to change is the user's profiles. People flip out if they lose access to favorites and other profile information for good reason. With the problem domain running 2003 server domain functional level can't I use the admt 2.0 and transfer over the user's and computer accounts??? I know this would be a lot of work, but I am a prefectionist and want the issue done right.
When I transfer roles from one server to the other I usually wait a minimum of 30 minutes. Ont thing that I learnt is that sometimes things don't happen streight away.
This may be relevent:
DNS and AD Design question
http://www.mcse.ms/archive44-2004-1-244283.html
I didn't read all of it, but I did spot a statement mentioning that you can't rename forest root domains in Windows 2003.
Domains, at least, can be renamed.
http://support.microsoft.com/default.aspx?scid=kb;en-us;169741
I'm not sure about moving one entire forrest to another. Microsoft is right though. Internally on the network I manage, the root domain ends in `.lan`. Externally it's `.com`. This separation I do on AutoPilot when I'm building a network. I suppose you could have `domain.com` internally and externally, but have a publically accessible DNS server outside and obviously the DNS (hosting AD) inside your network.
I'll think about this problem later on as right now I'm quite tired.
This may be relevent:
DNS and AD Design question
http://www.mcse.ms/archive44-2004-1-244283.html
I didn't read all of it, but I did spot a statement mentioning that you can't rename forest root domains in Windows 2003.
Domains, at least, can be renamed.
http://support.microsoft.com/default.aspx?scid=kb;en-us;169741
I'm not sure about moving one entire forrest to another. Microsoft is right though. Internally on the network I manage, the root domain ends in `.lan`. Externally it's `.com`. This separation I do on AutoPilot when I'm building a network. I suppose you could have `domain.com` internally and externally, but have a publically accessible DNS server outside and obviously the DNS (hosting AD) inside your network.
I'll think about this problem later on as right now I'm quite tired.
So, bouncing the entire AD and GC to the `safe haven server, demoting and re-promoting the problem server then bouncign everything back to the original server worked? Was there anything else that you had to do? I'm curious, and thanks for the points and accepting my answer.