Managing Active Directory can get complicated. Often, the native tools for managing AD are just not up to the task. The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.
Course Of The Month
5 days, 20 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Raising Forest and Domain functional levels to 2008 R2.
Posted on 2013-01-03
Just putting this out there to see if anyone has any good info or experiences to share before proceeding with this process.
I currently has a network with 1 Forest and 3 Domains. Within that there are a total of 10 Domain Controllers spread out between each of the domains within this forest. All of the Domain Controllers are running Windows Server 2008 R2 as their OS, but Active Directory is running under 2003 functional level for both the forst and domain.
I am at a point where i would like to raise both the forest and domain functional levels from 2003 to 2008 R2. Just looking for any insight anyone may be able to share. Specifically i want to ensure that all of our applications will continue to function and not have any issues authenicating. We have over 1000 servers and over 5000 end users. Apps range from Office, Exchange, SQL, Sharepoint, etc.
I currently has a network with 1 Forest and 3 Domains. Within that there are a total of 10 Domain Controllers spread out between each of the domains within this forest. All of the Domain Controllers are running Windows Server 2008 R2 as their OS, but Active Directory is running under 2003 functional level for both the forst and domain.
I am at a point where i would like to raise both the forest and domain functional levels from 2003 to 2008 R2. Just looking for any insight anyone may be able to share. Specifically i want to ensure that all of our applications will continue to function and not have any issues authenicating. We have over 1000 servers and over 5000 end users. Apps range from Office, Exchange, SQL, Sharepoint, etc.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
- +4
8 Comments
There is no catch here. Raise the domain and the forest functional level. Just wait for the replication to happen. I would raise the domain FL and wait 1 or 2 days before raising the forest FL, then proceed with the forest FL.
Active 2 days ago
Straight from Microsoft's Active Directory Team:
http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
You should be good to raise your functional levels but check the below link out to make sure Exchange is set to run.
http://technet.microsoft.com/en-us/library/ff728623(v=exchg.141).aspx
http://technet.microsoft.com/en-us/library/ff728623(v=exchg.141).aspx
Just to answer Rancy's question, lots of reasons to want to raise the functional level (AD recycle bin and Fine grained passwords are to new features he will have access to once the functional level is raised).
Do you have any old NT machines anywhere?
Thanks
Mike
Do you have any old NT machines anywhere?
Thanks
Mike
Active today
I would agree with clonyxlro to upgrade step by step ..i.e update the DFL first give it time of atleast 1-2 working days then once all your domain are running 2008 R2 DFL then shoot the Forest upgrade ...take the system state backup of once DC in each domain prior upgrading DFL
In response to Rancy's post, I would like to have access to the recycle bin and also as mentioned by mkline71 the password policy changes would also be nice as well. I really just dont want to have AD behind my OS. If I can run it under 2008 R2, why leave it running 2003. My next step is to start looking into rolling out 2012 servers and DCs. My office never has an OS running that is more then 1 level behind. So with the release of 2012 we have to ensure that all servers are 2008 and above. Right now we only have a few 2003 left. By the end of 2013 of the 1000 servers we have there may be 25 or so which arent 2008 or higher.
I would just feel better having my DCs 2008 R2 for funtional level as well as OS, before i started getting into 2012. That way it really is just 1 step up.
I would just feel better having my DCs 2008 R2 for funtional level as well as OS, before i started getting into 2012. That way it really is just 1 step up.
Featured Post
On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
A hard and fast method for reducing Active Directory Administrators members.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month5 days, 20 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
707 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.