Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 393
  • Last Modified:

Raise the funcitonal level of a domain

We have a domain with various servers from Windows Server 2000, 2003 & 2008 R2.

We have two domain controllers
Primary DC 2008 R2.  Secondary DC 2003 R2.

The 2000 Servers are simply holding legacy applications and are not Domain Controllers.  

Our functional level of the domain and forest is set to 2000 Native.  

Are there any issues with raising the funcitonal level of the domain and forest to 2003?
0
DHPBilcare
Asked:
DHPBilcare
  • 4
  • 3
  • 2
2 Solutions
 
Darius GhassemCommented:
No issues at all

The only issue is that you will not be able to run any DC lower then Windows 2003 Server
0
 
Krzysztof PytkoActive Directory EngineerCommented:
As dariusg said, no problem. If it's single forest single domain environment then you don't have to worry about Forest Functional Level. FFL can be at the same level as DFL. But if you have more domains, the be careful. FFL determines that other domain also must work in 2003 DFL!

The lowest OS on DC determines the highets possible DFL
The lowest DFL determines the highest possible FFL

Regards,
Krzysztof
0
 
DHPBilcareAuthor Commented:
Only other aspect to mention is that we are moving torwards a full domain trust with our sister company.  Two seperate domains.

Their functional level is 2003 native thus we have to riase ours to enable the two way trust.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Darius GhassemCommented:
That would be the best option
0
 
DHPBilcareAuthor Commented:
How long does the process take to raise?  

I know not best practice but are there any issues doing this while users are on the system?
0
 
Krzysztof PytkoActive Directory EngineerCommented:
WHen you click "OK", it's done :] Your DFL is changed, up-and-running
The same for FFL

Krzysztof
0
 
Krzysztof PytkoActive Directory EngineerCommented:
No, this action does not affect users workong in the system. That process is transparent.

Krzysztof
0
 
DHPBilcareAuthor Commented:
Just to confirm one last point.

I have now raised the Functional level of our domain to 2003.  The forest is still set to 2000.

Will the trust now work?  

Just to clarify is there any issue to me simply raising our FFL to 2003 also?
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Yes, trust will work. If your domain(s) in the forest have no 2000 DCs, you can freely raise also FFL to 2003. It's the best choice to get two-way transitive trust between these 2 forests.
 That's new feature implemented in 2003 AD when you use FFL at 2003 level.

So, if you do not use 2000 DCs at all and do not plan to use them, raise FFL.

Before you will be able to establish trust, you need to configure DNS first. One of these options is required to get it working:
1) Define Conditional forwarders in your DNS management console for the domain from another forest
2) Create Stub zone in DNS for that zone

And of course make sure that you can reach that network from your environment :)

Krzysztof
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now