Raising Domain/Forest Level to Windows 2003 (from a retired Windows 2000 DC)

I'm setting up a new server machine running Windows Server 2012 R2 and wanted to make this a domain controller. So I added it first as a member server to the existing domain we have. Current DC is a 2003 server. However, the functional level is still Windows 2000 because it used to connect to another Windows 2000 DC. The DC with Windows 2000 was retired a year ago and I still see the name of the retired DC in Active Directory, although I couldn't really manage it because it's not connected anymore. Following what I read about manually raising domain functional level to Windows Server 2003 using adsiedit.msc (changing msDS-Behavior from value 0 to 2) as well as the forest's functional level, is there any other thing I need to do and check? I don't want to mess up the only server (DC) we have and need a smooth DCPROMO on the 2012 server.

Need detailed help.
lesteratuniversal Asked:

Jeff Glover, Sr. Systems Administrator, Commented:
If the Windows 2000 DC is retired, but still shows in AD, then it was not retired correctly and you need to do a metadata cleanup before you can raise the Forest and Domain functional levels. You use NTDSUtil for this. This article pretty much spells it out. Although it is for Server 2003, it should work fine for 2000.
https://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx

Once it is cleaned from AD, you can then raise the Domain Functional Level using Active Directory Users and Computers (do not use ADSIEdit for it) and then the Forest level using AD Domains and Trusts.

Mal Osborne, Alpha Geek, Commented:
Yep, you should be fine going to 2003 functional level, but I too would clean up the remnants of the old server first. Would probably still be fine without doing that, but it is better to have everything neat and simple.
lesteratuniversal, Author, Commented:
@lvjeff
I did try the ntdsutil to remove the decommissioned DC server's metadata but I got this error:

------
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
        'CN=Ntds Settings,Server01'

Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the Active Directory Domain Controller
(5). Please use the connection menu to specify it.
-----
Any idea? The DC object I plan to remove is SERVER01.
Jeff Glover, Sr. Systems Administrator, Commented:
Where in the process were you getting the error? When you select the object or when you try to remove it?
lesteratuniversal, Author, Commented:
That's when I type remove selected server SERVER01 at metadata cleanup prompt (running Windows Server 2003 SP2).
Jeff Glover, Sr. Systems Administrator, Commented:
So, it is Server 2003 SP1, or 2? If so, you have to type remove selected Server cn=server01,cn=Servers,cn=SiteName,cn=Sites,cn=Configuration,dc=Forestrootdomain,dc=tld. Pre-2003 SP1 had you fill in all those entries using connections. Now you have to use the full Distinguished Name.
Jeff Glover, Sr. Systems Administrator, Commented:
Obviously, you would have to put in the site name. If you do not know it, you can get it from NTDSUtil by using Select Operation Target. (It is in the instructions in the TechNet article.)
lesteratuniversal, Author, Commented:
I followed the instruction that was on the link but I should follow the instruction that says 'without service pack' even if I'm on SP2. The metadata cleanup looks successful and I will now proceed with the next steps. I will keep you posted. Thank you for the help!
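
Read-only checks that bracket the metadata cleanup discussed in this thread, as an added example that is not part of any participant's post. The domain name example.com is a placeholder, the script is assumed to run on the remaining Windows Server 2003 DC, and netdom is assumed to be installed from the Support Tools.

```bat
@echo off
rem Added example: read-only checks before and after the ntdsutil metadata cleanup.
rem ASSUMPTIONS: forest root domain is example.com (placeholder); run on the
rem remaining Windows Server 2003 DC; netdom comes from the Support Tools.
setlocal
set DOMAIN_DN=DC=example,DC=com
set CONFIG_DN=CN=Configuration,%DOMAIN_DN%

echo === 1. Server objects for every DC the forest still knows about ===
rem The stale DC (SERVER01 in the thread) is listed here with its full
rem distinguished name, including the site name, which is the form the thread
rem says "remove selected server" needs.
dsquery server -forest

echo === 2. FSMO role holders ===
rem A role still held by the retired DC has to be seized to the remaining DC.
netdom query fsmo

echo === 3. Current functional levels ===
rem msDS-Behavior-Version: 0 = Windows 2000, 2 = Windows Server 2003.
rem ntMixedDomain on the domain head: 1 = mixed mode, 0 = native mode.
dsquery * "%DOMAIN_DN%" -scope base -attr msDS-Behavior-Version ntMixedDomain
dsquery * "CN=Partitions,%CONFIG_DN%" -scope base -attr msDS-Behavior-Version

echo === 4. Re-run after the cleanup: is SERVER01 still listed? ===
dsquery server -forest | findstr /i "CN=SERVER01," >nul
if errorlevel 1 (
    echo SERVER01 no longer has a server object.
) else (
    echo SERVER01 is still present in the configuration partition.
)
endlocal
```

Running step 3 again after raising the levels through the GUI tools shows whether both values changed from 0 to 2.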