

DC2003 and DC2008 combined

Posted on 2010-11-10
Medium Priority
Last Modified: 2012-05-10
I have a Windows 2003 domain and all domain controllers are Windows 2003.
I wonder if I can install a Windows 2008 domain controller in the same domain as the other Windows 2003 DCs.
Question by:jskfan
LVL 27

Accepted Solution

KenMcF earned 1428 total points
ID: 34100861
Yes, you can have both. You will need to run adprep to update your schema.
You will just need to leave the FFL and DFL at mixed mode until all DCs are 2008.
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 288 total points
ID: 34100890
Yes you can; here's a walk-through I wrote a while back: http://www.petenetlive.com/KB/Article/0000239.htm


Assisted Solution

gentle0000 earned 284 total points
ID: 34100891

Of course you can install W2K8 to a W2K3 Domain Environment.

The only thing you have to do is to prepare your W2K3 AD Forest and W2K3 AD Domain.

You have to know that the Domain Functional Level for the Domain must be at least Windows 2000 Native. So first check in AD Users and Computers to see that the Domain Functional Level of your Domain is at Windows 2000 Native Mode. If not, just raise it by right-clicking the Domain Name (AD Users and Computers) and choosing Raise Domain Functional Level.

After that, follow the following procedure.
1. Logon to the DC with the Schema Master Role.
2. Insert the W2K8 DVD
3. Open a cmd prompt
4. Go to d:\sources\adprep (where d:\ is your DVD drive letter)
5. Write:  adprep /forestprep
6. Write: adprep /domainprep

You are done.
Now you can promote any W2K8 machine to a DC in a W2K3 AD Environment.

With Regards.
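
A way to check the state of the forest before and after the adprep steps listed above. This is an added example, not part of any answer in this thread; `FOREST_DN` and `DC=example,DC=com` are placeholders for your own forest root domain, and the script assumes the Windows Server 2003 Support Tools are installed on the DC.

```bat
@echo off
rem Added example: checks to run from a cmd prompt on a W2K3 DC before and after adprep.
rem FOREST_DN is a placeholder; set it to your forest root domain DN.
setlocal
set "FOREST_DN=DC=example,DC=com"
set "SCHEMA="

rem 1. Show the FSMO role holders. adprep /forestprep runs on the schema master;
rem    adprep /domainprep runs on the infrastructure master (often the same DC).
rem    netdom and repadmin come from the Windows Server 2003 Support Tools.
netdom query fsmo

rem 2. Read objectVersion from the schema naming context. dsquery prints a header
rem    line and then the value, so keep only the line that contains digits.
for /f "tokens=1" %%v in ('dsquery * "CN=Schema,CN=Configuration,%FOREST_DN%" -scope base -attr objectVersion ^| findstr /r "[0-9]"') do set "SCHEMA=%%v"

if not defined SCHEMA (
    echo Could not read the schema version. Check FOREST_DN and connectivity.
    exit /b 1
)
echo Schema objectVersion: %SCHEMA%
if "%SCHEMA%"=="30" echo   Windows Server 2003 schema: adprep /forestprep has not been applied.
if "%SCHEMA%"=="31" echo   Windows Server 2003 R2 schema: adprep /forestprep has not been applied.
if "%SCHEMA%"=="44" echo   Windows Server 2008 schema: forestprep has been applied.
if "%SCHEMA%"=="47" echo   Windows Server 2008 R2 schema: forestprep has been applied.

rem 3. Review replication health. The schema change must reach every DC before
rem    adprep /domainprep is run or a W2K8 server is promoted.
repadmin /showrepl
endlocal
```

Run it once before `adprep /forestprep` to record the starting schema version and once afterwards to confirm the new version has replicated.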


Author Comment

ID: 34101008
What benefits do you get in this case, assuming the DFL and FFL are still Windows 2003?
LVL 27

Assisted Solution

KenMcF earned 1428 total points
ID: 34101202
One of the benefits you get if you have all 2008 DCs and FFL and DFL of 2008 is fine-grained password policy. With your FFL and DFL you will not have this option.


Author Comment

ID: 34101655
I meant while still in Windows 2003 DFL and FFL, what benefits can I get from a Windows 2008 domain controller?

If the benefits are gonna be the same as having a Windows 2003 DC, why should I add a W2008 DC in the first place?

I know that if upgrading FFL and DFL to W2008, all DCs need to be upgraded to W2008.

If there are other benefits in installing W2008 in a W2003 domain while keeping FFL and DFL at 2003, please provide those benefits.
LVL 27

Assisted Solution

KenMcF earned 1428 total points
ID: 34101782
It depends on what you are comfortable with, I guess, and what your plans are to upgrade. How long will the new server be around for? 2003 will end support soon, so you may be upgrading anyway. I would recommend installing the new DC as 2008 or even 2008 R2, since that is the newest OS, and work on getting all of your DCs up to that level in the next few years.

One of the biggest benefits, I think, with having a 2008 DC is the AD snapshots. You do not have to have 2008 DFL or FFL for this.


There are no benefits keeping the DFL and FFL level in mixed mode, but you are not able to go to DFL or FFL 2008 until all of your DCs are 2008.

"Raising the domain and forest functional levels to Windows Server 2008 is a nonreversible task and prohibits the addition of Windows 2000–based or Windows Server 2003–based Domain Controllers to the environment. Any existing Windows 2000–based or Windows Server 2003–based Domain Controllers in the environment will no longer function, and in fact, the upgrading wizard will not allow you to continue with the operation. "




Author Comment

ID: 34103944
If I understand:

Windows 2008 DC in DFL 2003, you get:
    * Fine-grained password policies – Allows multiple password policies to be applied to different users in the same domain.
    * Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
    * Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
    * Granular auditing – Allows history of object changes in Active Directory.
    * Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.
    * Last Interactive Logon Information – Displays the time of the last successful interactive logon for a user, from what workstation, and the number of failed logon attempts since the last logon.

Windows 2008 DC in Windows 2003 FFL you get:
    * Forest trust.
    * Domain rename.
    * Linked-value replication – Changes in group membership to store and replicate values for individual members instead of replicating the entire membership as a single unit.
    * Deployment of an RODC.
    * Intersite topology generator (ISTG) improvements – Supports a more efficient ISTG algorithm that allows support for extremely large numbers of sites.
    * The ability to create instances of the dynamicObject dynamic auxiliary class.
    * The ability to convert an inetOrgPerson object instance into a User object instance, and the reverse.
    * The ability to create instances of the new group types, called application basic groups and Lightweight Directory Access Protocol (LDAP) query groups, to support role-based authorization.
    * Deactivation and redefinition of attributes and classes in the schema.

LVL 27

Assisted Solution

KenMcF earned 1428 total points
ID: 34104351
You will not get FGPP; this needs to be all 2008 DCs. AD snapshots is not in the list. In my opinion this is a big one for the 2008 DCs.

    * Fine-grained password policies – Allows multiple password policies to be applied to different users in the same domain.

Author Comment

ID: 34104385
I guess the AD snapshot requires Windows 2008 DCs DFL/FFL.
LVL 27

Assisted Solution

KenMcF earned 1428 total points
ID: 34104408
No, AD snapshots only require a 2008 DC. You can still be in 2003 DFL and FFL.

Author Closing Comment

ID: 34105646
thanks guys
