[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Active Directory - Function Level and adding a new DC

Posted on 2012-03-26
11
Medium Priority
?
348 Views
Last Modified: 2012-03-26
I have two DC's, DC1 & DC2. Both are running windows server 2008 R2. My domain function Level is Windows Server 2003. Will i need to do an adprep/ forestprep/ or domainprep or can i just go ahead and dcpromo and install?

Thanks.
0
Comment
Question by:earlyriser99
  • 5
  • 3
  • 3
11 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37767206
So the old 2003 DC's are gone and demoted from the network?
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 1000 total points
ID: 37767223
This is a good article on Domain function levels fro 2008.

http://www.petri.co.il/raising-windows-server-2008-active-directory-domain-and-forest-functional-levels.htm

You said can you go ahead and run a dcpomo and install, but you say the w2k8r2 are already DC's. Are you just wanting to raise the function level or add a new DC?
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1000 total points
ID: 37767227
If both DCs are running Windows 2008 R2 then your schema version should be at 47 so you won't need a schema update for AD


....until you go to Windows 8 :)   http://adisfun.blogspot.com/2012/03/windows-server-8-beta-schema-version.html

Thanks

Mike
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 

Author Comment

by:earlyriser99
ID: 37767279
Soooo...A little background. Hired at a new company as the new IT guy, old IT guy left and nobody knows anything. Just going by what i have found. But yes, only two domain controllers which are dc1 and dc2, both 2008 server r2. There are no windows 2003 dc's.
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 1000 total points
ID: 37767296
Then you do not have to do any preps, just raise the function level if you are positive that all pre-w2k8 servers are gone
0
 

Author Comment

by:earlyriser99
ID: 37767468
Soooo.....What would happen if i raised the function level and there was a 2003 server dc that i didn't know about?
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 1000 total points
ID: 37767471
It would not let you do it. If the 2003 DC were properly demoted without error, it will let you. If it still detects a pre-2008 DC, it will not let you change the level meaning it would need to be removed and have the metadata cleaned out, through ADSIedit if it wasn't removed cleanly.
0
 

Author Comment

by:earlyriser99
ID: 37767671
Ok...So just to be clear. I can add the 2008 r2 DC with no problems. If i want to raise the function level i can do that at a later time correct?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 37767682
use tools like repadmin, event logs and dcdiag to look at the health of the servers.  Active Directory Topology Diagrammer is a nice free tool for you to build some visio diagrams.

It's tough being new and the old guy not leaving any documentation.

...but going to 2008 R2 Forest functional level and then enabling the recycle bin is a nice easy first win.

Thanks

Mike
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 37767687
Yes and Yes to your last questions.
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 1000 total points
ID: 37767760
You don't ever have to change it technically. But is recommended if you want the full w2k8r2 functionality eventually. You are fine leaving it if you want.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question