?
Solved

Upgrading Active Directory Schema to 2003 R2

Posted on 2009-12-28
9
Medium Priority
?
393 Views
Last Modified: 2012-05-08
I have an Active Directory network with two Domain Controllers.  One is running Win 2003 and the other is on Win 2003 R2.  Their current Domain Functional Level is at "Windows 2000 Mixed".

I have been looking at some neat things that the Win 2003 R2 schema provides.  In my list of available functional levels I have "Windows 2000 Native" and "Windows Server 2003".  Should there be an option for "Windows Server 2003 R2"?  

If I remember correctly the current AD was set to Windows 2000 Mixed back when there used to be some older Windows 2000 domain controllers, but with those no longer in use I assume I can move forward to a higher functional level correct?  If I am not planning to use any Win 2000 domain controllers I don't need to stay at this level do I?  

0
Comment
Question by:bkesting
  • 4
  • 4
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 26133954
There is not a separate 2003 R2 functional level (there is for 2008 R2), list of levels and features here
http://technet.microsoft.com/en-us/library/cc754918(WS.10).aspx
 If you are not planning to have an 2000 DCs around (good idea) you can safely raise your level.
Thanks
mike
0
 

Author Comment

by:bkesting
ID: 26133959
So "Windows Server 2003" functional level willl push out R2 schema updates?  How can I tell between 2003 schema and 2003 R2 schema?

0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 26133978
No if you want the R2 features you still need to update the schema for R2.
You can easily find your schema version by using adfind by Joe Richards  http://www.joeware.net/freetools/tools/adfind/index.htm
I went over the versions here:
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24518415.html
 
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:bkesting
ID: 26134107
Thanks for the info.  So I ran the tool and it shows that on both domain controllers I have 31 (Win 2003 R2) schema in place.

So in order to use it, I just need to raise my functionality level on the two domain controllers?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 2000 total points
ID: 26134172
You just raise your functional level once...don't need to do it on each DC.
Nice job getting to the new functional level!
0
 

Author Comment

by:bkesting
ID: 26134193
Didn't realize that.  So I just choose the primary role master DC and raise the functionality there and it will replicate to the other?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 26134306
Yeah that will work
0
 

Author Comment

by:bkesting
ID: 26134350
Thank you very much for the very quick, informative responses.
0
 
LVL 8

Expert Comment

by:dicconb
ID: 26134361
There are some R2 features that require the schema to be updated, but they can be used at Windows 2000 mixed functional level (eg DFS Replication). This is how we run our environment where I work.

Unless you need a feature that requires a higher functional level (eg object logon timestamping) I would consider staying at the lower functional level. Sometimes the need to accommodate windows 2000 comes unexpectedly (eg if your organisation acquires another company). Just my two cents!

Cheers,

D
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question