Solved

Active Directory 2003 Upgrade Functionality Level to 2008

Posted on 2014-01-17
13
433 Views
Last Modified: 2014-01-21
OK so we are currently at a 2003 AD Functionality level .  We need to raise it to 2008.  My understanding is the biggest Pitfalls are

1.  Make sure all Domain Controllers are 2008 or higher OS
2.  Make sure we no longer have Windows 2000 Servers on the domain?

All my domains Controllers are 2008 R2.  I have 6 remaining Win 2000 Servers but they haven't been access in over a year so I'm going to Spin them down.  I believe  all I have to do to raise the AD Level is click the drop down and select 2008.  Are there any other disasters I should be  on the lookout to avoid? Any prerequisites I need or should beforehand?

Thanks In Advance!
0
Comment
Question by:Twhite0909
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 2
  • 2
  • +2
13 Comments
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39788842
Have a System State backup of your DCs.

Since all are 2008 R2 why not step up to that?

Then go on to enable the Active Directory Recycle Bin:
http://bit.ly/KntUKq

That provides an extra layer of protection for your AD objects. :)

Philip
0
 

Author Comment

by:Twhite0909
ID: 39788866
Is there anything with Exchange or any other systems I need to worry about or take into account concerning the upgrade of level?
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39788941
Version(s) of Exchange?

Philip
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39789040
You only need to worry about the OS version of the DC's. To raise the functional level all DC"s need to have the same OS. If the Win2000 servers are members servers then you do not have to colaps them. They can stay in the environment. It is only for the DC's. For Exchange You do not need to worry about anything. Exchange will continue to work accordingly, just make sure that your DC's are also GC's and you'll be fine.

Will.
0
 

Author Comment

by:Twhite0909
ID: 39789206
Ok great so last one:

DO I have to the LDAP changes or can I just go to ADUC and click 2008 from drop down then go to AD Sites and Services and Click the 2008 there?  I see documents showing querys and changes to make through LDAP?  is it needed or just simply click drop drowns and hit 2008?

Thanks alot louver been awesome
0
 

Author Comment

by:Twhite0909
ID: 39789266
that was mean to say you've been awesome.  I have no idea how it came be "Louver" but sounds like LOVER LMFAO!!
0
 

Author Comment

by:Twhite0909
ID: 39789281
I lied...one more

I currently have multiple trusts between a few domains.  Will this Raise of level break those trusts or will they remain?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39789312
If you raise the functional level of the DOMAIN then all DCs in the domain must be 2008 or later its only DCs that matter - servers than are not DCs don't matter.

If you raise the functional level of the FOREST then all DCs in the FOREST must be 2008 or later its only DCs that matter - again servers than are not DCs don't matter.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39789342
Having Domain Trusts will not casue them to break. They will still be in tact. Raising the Functional Level simply provides new features based on the level you are going to.

Before raising the funtional level make sure that your replicaiton is working accordingly.

You can test replication with the below commands...

- repadmin /replsum
- repamdin /showrepl
- dcdiag /v

Once these have been verified you are safe to raise the functional level. If you do not have multiple domains in your forest i would recommend raise both the Forest and the Domain functional level.

Will.
0
 

Author Comment

by:Twhite0909
ID: 39789357
SO Trusts dont matter here either right? The Trusts will remain
0
 

Author Comment

by:Twhite0909
ID: 39789358
Sorry posted my last before I saw yours Ignore my last message and TY VERY MUCH!
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39791122
Remember, after raising domain and forest functional level, there is no roll back

Just check below articles once before proceeding for possible impacts

http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
http://blogs.technet.com/b/askpfeplat/archive/2012/04/09/a-few-things-you-should-know-about-raising-the-dfl-and-or-ffl-to-windows-server-2008-r2.aspx

Also make sure that all your production applications are compatible with 2008 functional levels
Its almost compatible and you will not face issue most probably, but still make them aware about changes and get assured that applications are compatible with 2008 functional levels

The only intention is, if you have bunch of business applications, and any application breaks unfortunately post activity, you need to make appropriate changes in that application as there is no back from AD end and only option in that case is "Active Directory Forest Recovery.

Mahesh
0
 

Author Comment

by:Twhite0909
ID: 39798290
...
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question