Solved

Raise the funcitonal level of a domain

Posted on 2011-09-29
9
332 Views
Last Modified: 2012-05-12
We have a domain with various servers from Windows Server 2000, 2003 & 2008 R2.

We have two domain controllers
Primary DC 2008 R2.  Secondary DC 2003 R2.

The 2000 Servers are simply holding legacy applications and are not Domain Controllers.  

Our functional level of the domain and forest is set to 2000 Native.  

Are there any issues with raising the funcitonal level of the domain and forest to 2003?
0
Comment
Question by:DHPBilcare
  • 4
  • 3
  • 2
9 Comments
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
ID: 36814780
No issues at all

The only issue is that you will not be able to run any DC lower then Windows 2003 Server
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 250 total points
ID: 36814815
As dariusg said, no problem. If it's single forest single domain environment then you don't have to worry about Forest Functional Level. FFL can be at the same level as DFL. But if you have more domains, the be careful. FFL determines that other domain also must work in 2003 DFL!

The lowest OS on DC determines the highets possible DFL
The lowest DFL determines the highest possible FFL

Regards,
Krzysztof
0
 

Author Comment

by:DHPBilcare
ID: 36814861
Only other aspect to mention is that we are moving torwards a full domain trust with our sister company.  Two seperate domains.

Their functional level is 2003 native thus we have to riase ours to enable the two way trust.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36814866
That would be the best option
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:DHPBilcare
ID: 36814936
How long does the process take to raise?  

I know not best practice but are there any issues doing this while users are on the system?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36815019
WHen you click "OK", it's done :] Your DFL is changed, up-and-running
The same for FFL

Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36815029
No, this action does not affect users workong in the system. That process is transparent.

Krzysztof
0
 

Author Comment

by:DHPBilcare
ID: 36816899
Just to confirm one last point.

I have now raised the Functional level of our domain to 2003.  The forest is still set to 2000.

Will the trust now work?  

Just to clarify is there any issue to me simply raising our FFL to 2003 also?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36817216
Yes, trust will work. If your domain(s) in the forest have no 2000 DCs, you can freely raise also FFL to 2003. It's the best choice to get two-way transitive trust between these 2 forests.
 That's new feature implemented in 2003 AD when you use FFL at 2003 level.

So, if you do not use 2000 DCs at all and do not plan to use them, raise FFL.

Before you will be able to establish trust, you need to configure DNS first. One of these options is required to get it working:
1) Define Conditional forwarders in your DNS management console for the domain from another forest
2) Create Stub zone in DNS for that zone

And of course make sure that you can reach that network from your environment :)

Krzysztof
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now