What are the benefits of raising forest level?

I just installed a new server with Server 2008 as the OS to replace a server running Server 2000.  The new server is the domain controller and the old server has been demoted.  Should I raise the forest level from Server 2000 to Server 2008?  What are the benefits and what are the risks?
kylebocaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Point-In-CyberspaceCommented:
In a sigle domain controller scenario there are no advanteges/disvantages in promoting to 2008 level, so if you have only the 2008 machine in the forest raise the functional level at 2008.
If you have other domain controllers on the domain ot other domains in the forest raise the level to the minimum common level. This means that if you have other doamins with a 2000 server keep it at 2000 level while if there are other domain controllers with 2003 (but not 2000) raise it to 2003.
If you plan to add 2003 domain controllers in this or other domains keep it at 2003 level.

To better understand forest and domain functional levels look at these articles

http://www.petri.co.il/understanding_function_levels_in_windows_2003_ad.htm

http://www.lockergnome.com/it/2005/04/13/know-your-functional-levels-part-i/


0
tigermattCommented:

Functional Levels are all about features. New Active Directory features are introduced with each release of Windows Server, but in order to support them, all the DCs in the domain/forest (depending on feature) must run that server OS or higher. When you upgrade the functional level, you are essentially committing to a one-time operation which you can not reverse; the level you upgrade to determines the minimum OS for all new DCs in the domain.

For example, take the Fine-Grained Password Policy (FGPP) feature which was introduced in Windows Server 2008. Since it is a 2008-only feature, you must run all Server 2008 DCs -and- upgrade to the Server 2008 functional level. The feature is not activated at previous levels, because they allow non-2008 DCs to be promoted which do not support the feature.

That said, the previous poster's comment regarding "there are no advantages/disadvantages" is not correct. There *are* advantages to upgrading the domain/forest level - you get more Active Directory features. The only disadvantage is that once you upgrade the functional level, you cannot reverse it. Essentially, this means upgrading to Server 2008 FL means you cannot -ever- promote a Server 2003 or lower DC in the domain/forest again.

As for risks, they are minimal. I won't say they don't exist, but everything you do has its associated risks. However, in the grand scheme of things, the potential risks of a functional level change are not worth worrying about.

-Matt
0
kylebocaAuthor Commented:
Hi Matt,

Thank you for your detailed reply.  Since there is only one DC in this forest and the Server 2000 has been demoted, I see no reason not to upgrade the forest level to 2008.  All of the workstations can log in to the new DC just fine.

What could possibly go wrong after raising the forest level?
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

vmwarun - ArunCommented:
IMHO nothing can go wrong once you have raised the Forest Functional Level to Windows Server 2008.
0
kylebocaAuthor Commented:
Hey Matt,

If you agree with arunraju let me know and I will close this thread.
0
Point-In-CyberspaceCommented:
Tigermatt, i know there are some advantages in raising functional levels in a forest, but maybe i wasn't clear enough.

I said in a sigle domain controller scenario there are no advanteges/disvantages in promoting to 2008 level.
When a complex scenario is in place functional levels can make the difference, but are not so important in kyleboca scenario. He has only one domain controller for a single domain config.

Moreover i suggested to raise the level to 2003 in case win 2003 DC are installed and only him knows actual and future status of his network.

Anyway AD is a complex thing that have to be studied and understood, so some additional reading can be the right thing.

My two cents

0
tigermattCommented:

Your thinking is correct. If you will never need to promote any Server 2000 or 2003 DCs in the current domain, raise the domain level to 2008 and unlock the new Active Directory features available to you. As I mentioned before, there are no risks in raising the functional level of either the domain or the forest except normal risks you get when working with AD on a daily basis. It's not worth losing sleep over.

Point-In-Cyberspace,

While raising the Forest Functional Level to 2008 is not going to have much benefit, raising the Domain Functional Level will. The various features unlocked at both the domain and forest levels are described in detail at http://technet.microsoft.com/en-us/library/cc771132(WS.10).aspx.

You will notice that a Forest level of 2008 is the same as a forest level of 2003, but that you should raise to a Domain Level of 2008 where necessary as there is a wealth of new features to unlock.

-Matt
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kylebocaAuthor Commented:
Thanks for your detailed answers Matt.  
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.