Solved

I am in the process of raising our Active Directory Windows 2008 Domain and Forest levels to Windows 2008 R2.

Posted on 2015-02-16
Last Modified: 2015-02-17
I am in the process of raising our Active Directory Windows 2008 Domain and Forest levels to Windows 2008 R2.

My understanding is that there is no roll back plan if it goes wrong.

This makes our Change Board extremely nervous, and it refuses to give approval for the change to go ahead. Also, we have a lot of legacy applications that date back years.

Does anyone know of or have any scenarios / plans to raise the Domain and Forest level to Windows 2008 R2 with a roll back plan? Any suggestion will help.

Many thanks in advance for your help.

Nikky
Question by:Nike_Baby
8 Comments
 
LVL 11

Expert Comment

by:andreas
Sorry, for rollback I've no plan.

I would make a test setup and do the raising there in the virtual testing environment, then test whether the apps are still working there.
 
LVL 32

Expert Comment

by:it_saige
You can revert the Forest and Domain Functional Levels (in certain cases):

http://social.technet.microsoft.com/wiki/contents/articles/850.how-to-revert-back-or-lower-the-active-directory-forest-and-domain-functional-levels-in-windows-server-2008-r2.aspx
http://www.open-a-socket.com/index.php/2009/11/06/how-to-revert-the-forest-functional-level-in-windows-server-2008-r2/

Another possibility to roll-back the changes is to take a backup of your AD database and then do an Authoritative Active Directory Restore to revert the changes.

I would set up a VM environment to test this capability and to familiarize yourself with the process.

-saige-
 

Author Comment

by:Nike_Baby
Dear All,

Thank you for all your good suggestions / recommendations.

For your information:
• We currently have Active Directory 2008.
• Our current DFL is Windows Server 2003
• Our current FFL is Windows Server 2003

1. Does anyone have a step by step plan for raising DFL and FFL, and lessons learned / issues to avoid, if any?
2. What is the difference between raising to Windows 2008 or Windows 2008 R2 / which one should I go for and why?
3. Is the only possibility to roll-back the changes to take a backup of our AD database and then do an Authoritative Active Directory Restore to revert the changes?


Many Thanks

Nike_Baby
 
LVL 32

Expert Comment

by:it_saige
The ability to roll-back DFL/FFL was not introduced until Server 2008 R2, so ultimately, your only (and best) option is the Authoritative Active Directory Restore for rolling back the changes.

As for the differences between Windows 2008 and Windows 2008 R2; Microsoft has a TID that discusses the changes from one level to the next available here - Understanding Active Directory Domain Services (AD DS) Functional Levels.

To answer the question of which one you should go for really depends on the DC Operating Systems that you have in place (member server and workstation operating system levels are not a factor).  You can only raise the Domain and Forest Functional Levels to the level supported by the lowest operating system that you have installed on your DCs.  In other words, if you have a Windows 2003 DC, then you cannot raise the Domain and Forest Functional Levels beyond Windows 2003 until the Windows 2003 Server is demoted.  So since you have identified your Active Directory as 2008, if you have at least one Windows 2008 Server, then you cannot raise the Domain and Forest Functional Levels to Windows 2008 R2 until all Windows 2008 Servers are demoted leaving nothing but Windows 2008 R2, Windows 2012 and Windows 2012 R2 DCs.

-saige-

Author Comment

by:Nike_Baby
Thank you Saige!

All my DCs are Windows Server 2008 R2.

You make it sound so easy to do this :) In your experience, are there any possible issues / gotchas I should watch out for?

Nike_Baby
 
LVL 32

Accepted Solution

by:it_saige (earned 500 total points)
I would recommend running a DCDIAG just to check the health of your domain.  If you get a clean bill of health from DCDIAG, then in reality there is no cause for concern.

Remember, the Functional Level of the Domain and Forest do more to affect the DCs than the actual clients.

-saige-
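
A pre-change readiness check covering the points raised in this thread (current levels, DC operating systems, DCDIAG health, and a backup to restore from), as an added example that is not part of the original posts. The `$BackupTarget` parameter and the `E:` volume in its comment are assumptions; `wbadmin` needs the Windows Server Backup feature installed.

```powershell
# Added example: readiness check before raising DFL/FFL to Windows Server 2008 R2.
# Run elevated on a DC (or RSAT host) with the ActiveDirectory module available.
param([string]$BackupTarget)   # assumption: e.g. 'E:' for a local system state backup

Import-Module ActiveDirectory
$forest = Get-ADForest
"Forest functional level : $($forest.ForestMode)"
foreach ($d in $forest.Domains) {
    "Domain functional level : $d = $((Get-ADDomain -Server $d).DomainMode)"
}

# 1. Every DC in the forest must run 2008 R2 (NT 6.1) or later.
#    OperatingSystemVersion looks like '6.1 (7601)', so compare the leading part only.
$oldDCs = foreach ($d in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $d | Where-Object {
        [version](($_.OperatingSystemVersion -split ' ')[0]) -lt [version]'6.1'
    }
}
if ($oldDCs) {
    "BLOCKER: these DCs are below Windows Server 2008 R2:"
    $oldDCs | Select-Object HostName, OperatingSystem, OperatingSystemVersion
}

# 2. DCDIAG across the enterprise; /q prints only errors, so any output is a finding.
$dcdiagErrors = dcdiag /e /q
if ($dcdiagErrors) { "DCDIAG reported problems:"; $dcdiagErrors }

# 3. Replication must be clean so the level change reaches every DC.
$replFailures = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 }
if ($replFailures) {
    "Replication failures:"
    $replFailures | Select-Object 'Source DSA', 'Destination DSA', 'Naming Context', 'Number of Failures'
}

$ready = -not ($oldDCs -or $dcdiagErrors -or $replFailures)
"Ready to raise functional levels: $ready"

# 4. Take the system state backup that an authoritative restore would start from.
if ($ready -and $BackupTarget) {
    wbadmin start systemstatebackup "-backupTarget:$BackupTarget" -quiet
}
```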
 

Author Closing Comment

by:Nike_Baby
It is great to have someone like saige, who is patient and takes time to clearly explain things to a rookie like me. Saige, you are great and thanks a Zillion!

Nikky
 
LVL 32

Expert Comment

by:it_saige
Glad to help.

-saige-