

Gotchas & Rollbacks for raising AD 2003 Interim to Native mode

Posted on 2007-11-27
Medium Priority
Last Modified: 2012-05-05
Background information:
I am fully aware of *how* to raise interim mode to native mode and I know that our environment is ready to go (i.e. selecting "Raise Domain Functional Level" in AD returns no errors and selecting "Raise Forest Functional Level" reports only one domain that must be upgraded first). What I need is documented justification for management that this process is safe to continue and that *if* (by some freak of nature) something goes wrong, there is a plan to backout/rollback. I have found plenty of info online re rolling back when upgrading from NT4 or to 2000, but since we are running only 2003 DCs in Interim Mode, this info does not apply to us.

Our current environment:
Primary Site:
  Over 100 WinXP PCs
  A few Win2000 PCs
  2 Win2000 Servers
  21 Win2003 Servers, of which there are:
       2 Domain Controllers (both GCs, one holds all FSMO roles)
       1 Exchange 2003
  1 ESX VI3 server running dev & test guest VMs only (no production services)
Second Site:
  About 30 WinXP PCs
  1 Win2003 Server, Domain Controller (GC)
Sites are linked by 1Mb WAN

Previous SysAdmin migrated Server OS from NT4 to 2003 a few years ago. AD is currently running in Interim 2003 mode but previous upgrade project was never completed. All previous NT4 servers have been decommissioned. Current Win2000 servers provide legacy file sharing & SQL services only (and will be decommissioned soon).

Q: What are some of the known gotchas/issues/problems when upgrading AD 2003 Interim mode to 2003 native mode (if any)?

Q: How would we rollback (or at least plan & prepare for a rollback) if we encounter problems during the upgrade? Given our current site setup, can we utilize anything for backout/rollback purposes?

Personally, I believe this upgrade is a trivial process and that management fears are unfounded. Please comment...
Question by: mayday175
Accepted Solution

l84work earned 400 total points
ID: 20363665
No roll back possible!

Do AD Authoritative restore.

2.  Create a system state backup on your GC right before the change.
3.  Make the change.
4.  If broken, boot into safe mode and perform AD authoritative restore (RESTORE DATABASE).
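
The backup and restore steps above, written out as the Windows Server 2003 commands they correspond to. This is an added example, not part of l84work's answer; the backup path `D:\Backup` and the domain DN `DC=example,DC=com` are placeholders, and `repadmin` and `dcdiag` assume the Support Tools are installed.

```bat
:: Added runbook sketch for a functional-level raise on Windows Server 2003.
:: Placeholders (assumptions): D:\Backup, DC=example,DC=com.

:: --- Before the change, on the DC that will be backed up ---

:: Record the current functional-level attributes for the change record.
dsquery * "DC=example,DC=com" -scope base -attr msDS-Behavior-Version ntMixedDomain

:: Confirm replication is healthy so the backup captures a consistent directory.
:: /q makes dcdiag print errors only.
repadmin /showrepl
dcdiag /q

:: Reset the Directory Services Restore Mode Administrator password on this DC
:: (ntdsutil prompts for the new password).
ntdsutil "set dsrm password" "reset password on server null" quit quit

:: Take the system state backup to a file.
ntbackup backup systemstate /J "Pre-raise system state" /F "D:\Backup\pre-raise-systemstate.bkf"

:: --- Rollback only, after booting the DC into Directory Services Restore Mode ---

:: 1. Restore the system state from the .bkf with the NTBackup wizard
::    (NTBackup has no command-line restore). Do not reboot when it finishes.

:: 2. Mark the restored directory database as authoritative.
ntdsutil "authoritative restore" "restore database" quit quit

:: 3. Reboot normally, then check that replication partners have synchronised.
repadmin /showrepl
```

Log on with the DSRM password once before the change window so the rollback does not depend on an untested credential.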


Assisted Solution

LauraEHunterMVP earned 100 total points
ID: 20368241
As l84work says, the only rollback mechanism for a DFL/FFL upgrade is to do a full domain/forest recovery from a time prior to when you changed the functional level.

Having said that, there's almost zero risk involved in the process if, as you say, all of your NT4 BDCs have been long since decommissioned.  Your clients won't even notice the difference, really.

Author Comment

ID: 20370501
Thanks l84work. Resetting the Directory Services Restore Mode Administrator account password is a very good idea, as no one knows what the previous SysAdmin had set it to. If we need to restore a system state backup, I assume the restored DC will replicate the old AD data to the other DCs. Not having done a system state restore before, my knowledge of this is only theoretical from MCSE studies I have done.

LauraEHunterMVP... I agree, this upgrade should be a no-brainer. But I am sure you are aware that any change requires a documented backout/rollback plan before the change can be approved.

Before I allocate points for this question, would anyone else care to add any further comments?

Expert Comment

ID: 20372247
I assume the restored DC will replicate the old AD data to the other DCs.

>  Yes, it'll be done after authoritative restore.


Author Closing Comment

ID: 31411364
Thanks guys/girls. l84work gets most points for specific info & Laura gets some for confirmation of what I already suspected. Thanks.
