Solved

Raise the funcitonal level of a domain

Posted on 2011-09-29
9
375 Views
Last Modified: 2012-05-12
We have a domain with various servers from Windows Server 2000, 2003 & 2008 R2.

We have two domain controllers
Primary DC 2008 R2.  Secondary DC 2003 R2.

The 2000 Servers are simply holding legacy applications and are not Domain Controllers.  

Our functional level of the domain and forest is set to 2000 Native.  

Are there any issues with raising the funcitonal level of the domain and forest to 2003?
0
Comment
Question by:DHPBilcare
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
ID: 36814780
No issues at all

The only issue is that you will not be able to run any DC lower then Windows 2003 Server
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 250 total points
ID: 36814815
As dariusg said, no problem. If it's single forest single domain environment then you don't have to worry about Forest Functional Level. FFL can be at the same level as DFL. But if you have more domains, the be careful. FFL determines that other domain also must work in 2003 DFL!

The lowest OS on DC determines the highets possible DFL
The lowest DFL determines the highest possible FFL

Regards,
Krzysztof
0
 

Author Comment

by:DHPBilcare
ID: 36814861
Only other aspect to mention is that we are moving torwards a full domain trust with our sister company.  Two seperate domains.

Their functional level is 2003 native thus we have to riase ours to enable the two way trust.
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36814866
That would be the best option
0
 

Author Comment

by:DHPBilcare
ID: 36814936
How long does the process take to raise?  

I know not best practice but are there any issues doing this while users are on the system?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36815019
WHen you click "OK", it's done :] Your DFL is changed, up-and-running
The same for FFL

Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36815029
No, this action does not affect users workong in the system. That process is transparent.

Krzysztof
0
 

Author Comment

by:DHPBilcare
ID: 36816899
Just to confirm one last point.

I have now raised the Functional level of our domain to 2003.  The forest is still set to 2000.

Will the trust now work?  

Just to clarify is there any issue to me simply raising our FFL to 2003 also?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36817216
Yes, trust will work. If your domain(s) in the forest have no 2000 DCs, you can freely raise also FFL to 2003. It's the best choice to get two-way transitive trust between these 2 forests.
 That's new feature implemented in 2003 AD when you use FFL at 2003 level.

So, if you do not use 2000 DCs at all and do not plan to use them, raise FFL.

Before you will be able to establish trust, you need to configure DNS first. One of these options is required to get it working:
1) Define Conditional forwarders in your DNS management console for the domain from another forest
2) Create Stub zone in DNS for that zone

And of course make sure that you can reach that network from your environment :)

Krzysztof
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question