Improve company productivity with a Business Account.Sign Up

x
?
Solved

Active Directory - Function Level and adding a new DC

Posted on 2012-03-26
11
Medium Priority
?
350 Views
Last Modified: 2012-03-26
I have two DC's, DC1 & DC2. Both are running windows server 2008 R2. My domain function Level is Windows Server 2003. Will i need to do an adprep/ forestprep/ or domainprep or can i just go ahead and dcpromo and install?

Thanks.
0
Comment
Question by:earlyriser99
  • 5
  • 3
  • 3
11 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37767206
So the old 2003 DC's are gone and demoted from the network?
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 1000 total points
ID: 37767223
This is a good article on Domain function levels fro 2008.

http://www.petri.co.il/raising-windows-server-2008-active-directory-domain-and-forest-functional-levels.htm

You said can you go ahead and run a dcpomo and install, but you say the w2k8r2 are already DC's. Are you just wanting to raise the function level or add a new DC?
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1000 total points
ID: 37767227
If both DCs are running Windows 2008 R2 then your schema version should be at 47 so you won't need a schema update for AD


....until you go to Windows 8 :)   http://adisfun.blogspot.com/2012/03/windows-server-8-beta-schema-version.html

Thanks

Mike
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 

Author Comment

by:earlyriser99
ID: 37767279
Soooo...A little background. Hired at a new company as the new IT guy, old IT guy left and nobody knows anything. Just going by what i have found. But yes, only two domain controllers which are dc1 and dc2, both 2008 server r2. There are no windows 2003 dc's.
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 1000 total points
ID: 37767296
Then you do not have to do any preps, just raise the function level if you are positive that all pre-w2k8 servers are gone
0
 

Author Comment

by:earlyriser99
ID: 37767468
Soooo.....What would happen if i raised the function level and there was a 2003 server dc that i didn't know about?
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 1000 total points
ID: 37767471
It would not let you do it. If the 2003 DC were properly demoted without error, it will let you. If it still detects a pre-2008 DC, it will not let you change the level meaning it would need to be removed and have the metadata cleaned out, through ADSIedit if it wasn't removed cleanly.
0
 

Author Comment

by:earlyriser99
ID: 37767671
Ok...So just to be clear. I can add the 2008 r2 DC with no problems. If i want to raise the function level i can do that at a later time correct?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 37767682
use tools like repadmin, event logs and dcdiag to look at the health of the servers.  Active Directory Topology Diagrammer is a nice free tool for you to build some visio diagrams.

It's tough being new and the old guy not leaving any documentation.

...but going to 2008 R2 Forest functional level and then enabling the recycle bin is a nice easy first win.

Thanks

Mike
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 37767687
Yes and Yes to your last questions.
0
 
LVL 9

Assisted Solution

by:Geodash
Geodash earned 1000 total points
ID: 37767760
You don't ever have to change it technically. But is recommended if you want the full w2k8r2 functionality eventually. You are fine leaving it if you want.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question