Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Will my AD Trust be affected by raising the forest level?

Posted on 2014-11-17
2
Medium Priority
?
1,592 Views
Last Modified: 2014-11-18
We have two different forests.

Forest 1 = domainA.local
Forest 2 = domainB.com

These are two separate forests but there is a trust between the two of them in order to allow access to certain systems and services on the domainB.com network.  There is also a Site to Site VPN between the two locations.  You can see the entire directory in the attached image.

domainB.com has all domain controllers with 2008 R2.  domainA.local has 2003 Domain Controllers.  The forest level of domainB.com has been left at 2003 due to not knowing if raising the forest level will affect the trust in any way.  

Is it safe to say I can raise the function level of the domainB.com trust to 2008 R2 without affecting the domainA.local domain.  I would like to take advantage of other features in a 2008 R2 domain level.  

Any assistance is appreciated.
Forest.jpg
0
Comment
Question by:Shawn Cøady
2 Comments
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40449138
I don't see any problems in raising functional level to 2008 R2
This is totally for internal AD configuration purpose and it decide which version of DC (2003 \ 2008 \ 2008 R2) can be placed in domain or forest. Also it will add new functionalities with AD.
It has nothing to do with trust. Trust will work as it is.
U already have 2003 functional levels.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/9d127cd7-9d0a-4bbb-9586-014f46d004c6/risks-of-raising-domainforest-functional-level-from-2003-mixed-to-2008-native?forum=winserverDS

Only if you have any legacy application servers which are also integrated with active directory, just ensure that they are working with 2008 R2 active directory.
If they are working, raising functional levels will not make any difference
U might want to go through below links to understand other impacts if any

Check below link for possible impact
http://blogs.technet.com/b/askpfeplat/archive/2012/04/09/a-few-things-you-should-know-about-raising-the-dfl-and-or-ffl-to-windows-server-2008-r2.aspx
http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
0
 
LVL 3

Author Closing Comment

by:Shawn Cøady
ID: 40450123
Thanks for the insight and documentation.  I didn't think it would matter but thought I would confirm by ideas first.  I will still give your articles a read to see if there is any additional info I might want.  Again much appreciated.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question