Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!
Learn how Concerto can help you.
Solved
Raising Forest and Domain functional levels to 2008 R2.
Posted on 2013-01-03
Just putting this out there to see if anyone has any good info or experiences to share before proceeding with this process.
I currently has a network with 1 Forest and 3 Domains. Within that there are a total of 10 Domain Controllers spread out between each of the domains within this forest. All of the Domain Controllers are running Windows Server 2008 R2 as their OS, but Active Directory is running under 2003 functional level for both the forst and domain.
I am at a point where i would like to raise both the forest and domain functional levels from 2003 to 2008 R2. Just looking for any insight anyone may be able to share. Specifically i want to ensure that all of our applications will continue to function and not have any issues authenicating. We have over 1000 servers and over 5000 end users. Apps range from Office, Exchange, SQL, Sharepoint, etc.
I currently has a network with 1 Forest and 3 Domains. Within that there are a total of 10 Domain Controllers spread out between each of the domains within this forest. All of the Domain Controllers are running Windows Server 2008 R2 as their OS, but Active Directory is running under 2003 functional level for both the forst and domain.
I am at a point where i would like to raise both the forest and domain functional levels from 2003 to 2008 R2. Just looking for any insight anyone may be able to share. Specifically i want to ensure that all of our applications will continue to function and not have any issues authenicating. We have over 1000 servers and over 5000 end users. Apps range from Office, Exchange, SQL, Sharepoint, etc.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
- +4
8 Comments
There is no catch here. Raise the domain and the forest functional level. Just wait for the replication to happen. I would raise the domain FL and wait 1 or 2 days before raising the forest FL, then proceed with the forest FL.
Active 6 days ago
Straight from Microsoft's Active Directory Team:
http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
You should be good to raise your functional levels but check the below link out to make sure Exchange is set to run.
http://technet.microsoft.com/en-us/library/ff728623(v=exchg.141).aspx
http://technet.microsoft.com/en-us/library/ff728623(v=exchg.141).aspx
Just to answer Rancy's question, lots of reasons to want to raise the functional level (AD recycle bin and Fine grained passwords are to new features he will have access to once the functional level is raised).
Do you have any old NT machines anywhere?
Thanks
Mike
Do you have any old NT machines anywhere?
Thanks
Mike
Active 1 day ago
I would agree with clonyxlro to upgrade step by step ..i.e update the DFL first give it time of atleast 1-2 working days then once all your domain are running 2008 R2 DFL then shoot the Forest upgrade ...take the system state backup of once DC in each domain prior upgrading DFL
In response to Rancy's post, I would like to have access to the recycle bin and also as mentioned by mkline71 the password policy changes would also be nice as well. I really just dont want to have AD behind my OS. If I can run it under 2008 R2, why leave it running 2003. My next step is to start looking into rolling out 2012 servers and DCs. My office never has an OS running that is more then 1 level behind. So with the release of 2012 we have to ensure that all servers are 2008 and above. Right now we only have a few 2003 left. By the end of 2013 of the 1000 servers we have there may be 25 or so which arent 2008 or higher.
I would just feel better having my DCs 2008 R2 for funtional level as well as OS, before i started getting into 2012. That way it really is just 1 step up.
I would just feel better having my DCs 2008 R2 for funtional level as well as OS, before i started getting into 2012. That way it really is just 1 step up.
Featured Post
Managing Active Directory can get complicated. Often, the native tools for managing AD are just not up to the task. The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Compliance and data security require steps be taken to prevent unauthorized users from copying data. Here's one method to prevent data theft via USB drives (and writable optical media).
Let's recap what we learned from yesterday's Skyport Systems webinar.
- Ransomware
- Experts Exchange
- Skyport Systems
- Active Directory
- Security
- *privileged credentials
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller.
Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month9 days, 11 hours left to enroll
610 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.