Server 2000 DC moving to Server 2012R2 - forest functional level

hello, we have a domain containing one DC (other DC failed) which is running server 2000, the domain functional level is 2000

the 2000 server is the last to be replaced in our domain, everything else is using Server 2012 / 2012R2

I have two brand new 2012 servers that I want to take over the running of the domain, I have just tried to promo one of the new servers and hit an error

"Verification of replica failed. the forest functional level is Windows 2000. To install Windows Server 2012 R2 domain or domain controller, the forest functional level must be Windows Server 2003 or higher"

now, will the existing DC (W2k) upgrade the domain functional level to 2003 - if so how can I do it without affecting domain services


Cliff Galiher Commented:
You have the unenviable task of introducing a 2003 or 2008 DC into your environment as an interim step.  You'll have to add the 2003/2008 DC. Demote the 2003. Raise the functional level to 2003 Native. And *then* add the 2012 DC.  There is no way to introduce a 2012 DC while a 2000 DC exists on the network.

mudcow007 (Author) Commented:
cheers Cliff

I forgot to add, we already have a few 08r2 machines hanging around already, could I promo them, demote the y2k, upgrade the functional level, then promo the 12r2 servers?

demote 08 server, then upgrade the functional level to 12r2

would that work?

can this be done in a live environment, or best to do at twilight?


Cliff Galiher Commented:
In a vacuum, yes what you propose would work.


Anybody who has 2008 R2 machines "hanging around" probably has them doing stuff. If they are sitting idle, I'd ask what is the point of that?  A machine that you have to patch, maintain, still may have vulnerabilities (every OS ever has them) so sitting idle is a security concern to be sure.  So....let's assume these machines actually have workloads.  Will those workloads like the machine suddenly being a DC?  Probably not. MOST workloads will fall over because of the underlying changes a DC makes to the local security landscape.  

As far as whether it can be done in a live environment, possibly. But certainly not all at once. Because this is your only DC, if you demote it too soon after introducing the new one, you'll introduce challenges with clients finding the new DC given the default TTL in windows DNS and potential DHCP lease changes you'll also have to make. You are looking at introducing incremental changes spanning weeks. Not one big-bang deployment.
mudcow007 (Author) Commented:

I have created a VM on one of our 08r2 servers (whose main role is SSAS), promoted it and have been watching the event viewer for errors - of which there were none :)

now, the old 2000 DC is also our DNS server, if I transfer the FSMO roles to the new 08r2 can I leave the DNS on 2000, then when I'm able to promote the 12r2 servers I can then shift DNS onto them - if that makes sense?

thanks for the suggestions so far, they have been great...
Cliff Galiher Commented:
Usually no. The issue is that your DNS zones are likely AD integrated so demoting the 2000 server will break them. You could go through hoops to change them and set up zone transfers, but at that point you might as well have just moved DNS to the new server anyways.
mudcow007 (Author) Commented:
the only issue with moving the dns to another box (which I will have to move again) is changing all the clients - we only have 50 users, but they are spread over a massive factory

looking at domain properties (in DNS - 2000) under general it states "Active Directory - integrated"

when I promoted the 08r2 box, I also made it a DNS server - this has already propagated from the 2000 server

do I now need to point the clients at the "new" dns server?
Cliff Galiher Commented:
mudcow007 (Author) Commented:

moved all the clients to point to new DNS server

if any clients aren't pointing at the new server when I demote the old DC (which was the old DNS server) what is likely to happen?

Cliff Galiher Commented:
Well, it is DNS. So almost everything would break.
mudcow007 (Author) Commented:
right, all clients are now pointing at new DNS

(and are confirmed pointing at new DC & DNS)

I have just gone to demote the old 2000 server

ran > dcpromo

and got

"The operations failed because:
 A domain controller could not be contacted for the domain hello.ds that contained an account for this computer. Make a computer a member of a workgroup then rejoin the domain before retrying the promotion"

found it's because the 2000 server had itself as its preferred dns server, changed this to the 2008r2 server and it's now running the demotion....
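
A check for the situation in the posts above, as an added example that is not part of the original thread: before demoting the old DC, report every domain computer (the old DC included) that still lists the old DNS server. `$OldDns` is a placeholder address, and the script assumes the ActiveDirectory module (2008 R2 or later) and remote WMI access to the machines.

```powershell
# Added example (not from the thread): find machines still using the old DNS server.
# Written for PowerShell 2.0 so it runs on a 2008 R2 DC.
Import-Module ActiveDirectory

$OldDns = '192.0.2.10'   # placeholder: IP of the DC/DNS server being retired

# Enabled computer accounts that have a DNS host name registered in AD.
$computers = Get-ADComputer -Filter 'Enabled -eq $true' |
    Where-Object { $_.DNSHostName } |
    Select-Object -ExpandProperty DNSHostName

$report = foreach ($c in $computers) {
    try {
        # DNSServerSearchOrder holds the resolvers in use, static or DHCP-assigned.
        $nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                    -ComputerName $c -Filter 'IPEnabled = TRUE' -ErrorAction Stop
        foreach ($n in $nics) {
            New-Object PSObject -Property @{
                Computer = $c
                Dns      = ($n.DNSServerSearchOrder -join ', ')
                UsesOld  = ($n.DNSServerSearchOrder -contains $OldDns)
            }
        }
    }
    catch {
        # Powered-off or firewalled machines cannot be confirmed either way.
        New-Object PSObject -Property @{
            Computer = $c
            Dns      = 'unreachable'
            UsesOld  = $null
        }
    }
}

# Show anything that still uses the old server or could not be checked.
$report | Where-Object { $_.UsesOld -ne $false } |
    Sort-Object Computer |
    Format-Table Computer, Dns, UsesOld -AutoSize
```

An empty table means every reachable machine has moved; unreachable entries need a manual look, and the DHCP scope's DNS option should be checked separately.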
mudcow007 (Author) Commented:

I have successfully removed the server 2000 DC

we are all still able to log onto the domain!! :)

I'm now trying to configure the 12R2 server to be a DC, installed Active Directory Domain Services, when that was finished clicked on the yellow flag (in server manager) to promote server as a DC, as it begins to load it fails with

"Verification of replica failed. The forest functional Level is Windows 2000. To install Server 2012 R2 the forest must be 2003 or higher"

if I go to the 2008R2 DC, right click on the domain within Domains & trusts - it states the domain level is 2008 R2!?

anyone help please

Cliff Galiher Commented:
Domain Functional Level and *FOREST* Functional Level are two *different* things. You have to bump them *both* up. As the error indicates, the forest is still 2000. And your description shows you only checked the domain.
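
The distinction in the answer above, as an added example that is not part of the original thread: a script that shows the domain and forest functional levels side by side, confirms no Windows 2000 DC remains, and then raises the forest level as a dry run. It assumes the ActiveDirectory module on an existing 2008 R2 DC and an account with Enterprise Admin rights; `$TargetForestMode` is a variable introduced for this example.

```powershell
# Added example (not from the thread): compare and raise domain vs. forest level.
Import-Module ActiveDirectory

$TargetForestMode = 'Windows2003Forest'   # lowest level the 2012 R2 error accepts
$forest = Get-ADForest

# 1. Show both levels; they are stored and raised separately.
"Forest {0}: {1}" -f $forest.Name, $forest.ForestMode
$domains = foreach ($name in $forest.Domains) { Get-ADDomain -Identity $name }
$domains | Select-Object DNSRoot, DomainMode | Format-Table -AutoSize

# 2. List every DC and its OS; a remaining Windows 2000 DC blocks the raise.
$dcs = foreach ($name in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $name
}
$dcs | Select-Object HostName, Domain, OperatingSystem | Format-Table -AutoSize

$legacy = @($dcs | Where-Object { $_.OperatingSystem -match '2000' })
if ($legacy.Count -gt 0) {
    Write-Warning 'Windows 2000 DC(s) still present; demote them before raising levels.'
    return
}

# 3. Any domain still at a Windows 2000 level has to be raised before the forest.
$lowDomains = @($domains | Where-Object { "$($_.DomainMode)" -like 'Windows2000*' })
foreach ($d in $lowDomains) {
    Set-ADDomainMode -Identity $d.DNSRoot -DomainMode Windows2003Domain -WhatIf
}

# 4. Raise the forest level. -WhatIf makes this a dry run; remove it to apply.
#    Raising from Windows 2000 cannot be rolled back.
if ("$($forest.ForestMode)" -eq 'Windows2000Forest') {
    Set-ADForestMode -Identity $forest.Name -ForestMode $TargetForestMode -WhatIf
}
else {
    "Forest is already at $($forest.ForestMode); nothing to raise."
}
```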
mudcow007 (Author) Commented:
fantastic cheers guys, all sorted!