Solved

Elevating Domain functional level

Posted on 2016-08-16
9
107 Views
1 Endorsement
Last Modified: 2016-09-02
Hi guys,

We have an environment with two Windows 2003 servers in remote sites that talk to one another via VPN. Today I went to incorporate a new Windows 2012 R2 server in the hope that I could get rid of one of the old servers. But no, it couldn't be simple could it? The current functional level is set to Windows 2000 so I had to stop the upgrade as it couldn't go further.

If I went ahead and elevated the domain functional level to Windows 2003 are there any risks?

What steps would you take?

Thank you
Yashy
1
Comment
Question by:Yashy
9 Comments
 
LVL 8

Expert Comment

by:Stuart
ID: 41758575
Only if you have existing DCs running server 2000
1
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 41758579
It can't be simple jumping 5 versions.

Provided you have no more 2000 DCs on the network, you shouldn't have any issues upgrading the domain and forest functional levels to 2003. However, there can be a host of other issues and you may find it easier to migrate to 2008 R2 FIRST, then migrate to 2012R2. (You really should wait 11 years to upgrade your network - VERY problematic).

If you don't have experience doing this, I suggest you set up a test environment and spend a few weeks learning Active Directory and the changes 2012 requires and what to expect. If you don't have the time to waste doing that, I suggest you hire professionals to handle this for you.
2
 
LVL 1

Author Comment

by:Yashy
ID: 41758584
Thanks for the feedback guys.

I actually had this passed down to me in the company. This is because the environment is for our shops. We have over 400 Windows XP tills etc which talk to these DC's.

I got the Windows 2012 R2 in order to set up AD with a Windows 2003 functional level. However, seeing as we have two DC's running Windows 2003 but on a 2000 functional level it has become a hassle. I went ahead with DCPromo, but this ended the situation and I didn't go ahead and wanted to ask you guys first.

I know AD, however I have not tried to elevate it from something so old hence my question.
0
 
LVL 39

Accepted Solution

by:
footech earned 250 total points
ID: 41758597
Speaking of just raising the functional level from 2000 to 2003.
Just run checks to verify things are healthy first (like dcdiag, repadmin).  I've never heard of raising the level causing a problem, only potentially exposing a problem that already existed.
0
 
LVL 1

Expert Comment

by:SilentLeges
ID: 41758622
Be very, very careful as this is a one way street procedure.

I would highly recommend doing it in stages, and two over the course of two months so that way you don't do a huge jump and encounter compatibility issues with applications.

2000 to 2003  (No DCs Running 2000)
2003 to 2008 R2 (No DCs Running 2003)
2008 R2 - 2012 R2 (No DCs Running 2008 R2)

Have a read of the technet article

https://technet.microsoft.com/en-us/library/cc771949(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx

As @LeeW Suggested please for the love that is all holy, take a copy of the environment if you can and do a simulated upgrade so you know what to watch for.  

I am going to reiterate that this is a one way procedure and can go very wrong if you rush through it.
1
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41758642
If you know AD, then you know raising the domain and forest functional levels from 2000 to 2003 is not generally a problem.

You should also know to run DCDIAG /C /E /V prior to performing any kind of maintenance on AD and / or adding or removing DCs.  And you should know to check DC replication with REPADMIN /SHOWREPL also before doing anything.  You should know to test this in a test environment first.  Asking a question is great... but especially a network of 400 machines (also horribly outdated), you should know these things.

If not, you don't have to admit it to us... but admit it to yourself and that it would be foolish IF YOU DON'T KNOW THESE THINGS for you to be the one proceeding.  If you DON'T know these things for the sake of your job and your company, go to your boss and TELL HIM you are not qualified to do this alone and you need professional expert help... not just in terms of being able to ask questions.

Knowing WHAT to do is just as important in knowing what NOT to do.  Just because it looks like you are able to do something doesn't mean you should do it.  Another thing you should know.

My opinion.
Good Luck.
4
 
LVL 7

Expert Comment

by:Senior IT System Engineer
ID: 41758685
Yashy,

let us know how it goes.
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 41758772
Not to disparage your knowledge of AD, but from the way you outline your question you do not seem to have a solid grasp on this technology. You mentioned the reason you are adding a 2012 DC to your environment is to get to a 2003 FL and DL. This component is not needed to get to 2003 level, but is needed for 2013 level. I feel strongly with what Lee recommends and it would be better seeking assistance rather than doing this solo. This can be a great learning experience working with an expert. You do not want to break this because you missed a step or neglected a check which server is responsible for which FSMO role.
0
 
LVL 1

Author Closing Comment

by:Yashy
ID: 41781394
Hi guys,

It was very simple to do. We didn't have any Windows 2000 domain controllers in the first place.

Secondly, I checked for which DC had the FSMO roles. The one Domain Controller which is proving problematic had 1 role and that was the Schema Master role.

This is the step by step I took in order for the Domain Functional level to go from Windows 2000 to Windows 2003.

Step 1.

Do a backup of the System state of ALL DC's using the Windows Backup Utility.

Step 2.

Find out which DC has which FSMO roles by opening the command prompt on a DC and running 'NetDOM /query FSMO'. In my case, the problematic server had the Schema Master role. So, I transferred that across to the other Domain Controller with 4 roles.

Step 3.

Go to start-> Run. In there type 'regsvr32 schmmgmt.dll'. Press OK. You should receive a success confirmation.

a. From the Run command open an MMC Console by typing MMC.

b. On the Console menu, press Add/Remove Snap-in.

c. Press Add. Select Active Directory Schema.

d. Press Add and press Close. Press OK.

e. If you are NOT logged onto the target domain controller, in the snap-in, right-click the Active Directory Schema icon in the Console Root and press Change Domain Controller.

f. Press Specify …. and type the name of the new role holder. Press OK.

g. Right-click the Active Directory Schema icon again and press Operation Masters.

Press the Change button.

Press OK all the way out.

Step 4.

Once this was done, I literally went to our problematic domain controller (didn't have to be this one, could have been another DC too) and raised the domain functional level by going into Active Directory Users & Computers and right clicking on the domain name and selecting 'Raise domain functional level'. I selected 2003 and that was it.

I then ensured that this had replicated across to our other sites also by checking the other DC's. It had.


Sorry it took me a while to respond, I was away on holiday. But I thought I would at least share my steps with you.


Thanks
Yash
0
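
An added example, not part of any post in this thread: a PowerShell pre-change gate that parses the output of `repadmin /showrepl * /csv` and `netdom query fsmo` and blocks the raise while any replication link reports failures, since the raise is one-way and has to replicate to every DC. The DC names, the `shops.example` domain and the sample output are constructed placeholders.

```powershell
# Added example: pre-change gate built from the tools named in this thread.
# Sample text below is constructed; DC01/DC02/shops.example are placeholders.
function Get-FailingReplLink {
    # Input: lines of 'repadmin /showrepl * /csv'. Output: rows that are not healthy.
    param([string[]]$CsvLines)
    $CsvLines | ConvertFrom-Csv | Where-Object {
        # Rows not marked showrepl_INFO are DCs repadmin could not query at all.
        $_.showrepl_COLUMNS -ne 'showrepl_INFO' -or [int]$_.'Number of Failures' -gt 0
    }
}

function Get-FsmoHolder {
    # Input: lines of 'netdom query fsmo'. Output: hashtable of role -> holder.
    param([string[]]$NetdomLines)
    $map = @{}
    foreach ($line in $NetdomLines) {
        # Role and holder are separated by a run of spaces; the status line has none.
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<dc>\S+)\s*$') { $map[$Matches.role] = $Matches.dc }
    }
    $map
}

$sampleRepl = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status'
    'showrepl_INFO,SiteA,DC01,"DC=shops,DC=example",SiteB,DC02,RPC,0,0,2016-08-16 09:12:44,0'
    'showrepl_INFO,SiteB,DC02,"DC=shops,DC=example",SiteA,DC01,RPC,3,2016-08-16 08:57:10,2016-08-15 22:41:03,1722'
)
$sampleFsmo = @(
    'Schema master               DC02.shops.example'
    'Domain naming master        DC01.shops.example'
    'PDC                         DC01.shops.example'
    'RID pool manager            DC01.shops.example'
    'Infrastructure master       DC01.shops.example'
    'The command completed successfully.'
)

$bad   = @(Get-FailingReplLink -CsvLines $sampleRepl)
$roles = Get-FsmoHolder -NetdomLines $sampleFsmo
$roles.GetEnumerator() | Sort-Object Name | ForEach-Object { '{0,-24} {1}' -f $_.Name, $_.Value }
if ($bad.Count -gt 0) {
    $bad | ForEach-Object { 'BLOCK: {0} <- {1} failures={2} status={3}' -f $_.'Destination DSA', $_.'Source DSA', $_.'Number of Failures', $_.'Last Failure Status' }
    'Do not raise the functional level until replication is clean.'
} else { 'Replication clean; take system state backups, then raise the level.' }

# Live use on a DC or a host with the support tools (same functions, real input):
#   Get-FailingReplLink -CsvLines (repadmin /showrepl * /csv)
#   Get-FsmoHolder      -NetdomLines (netdom query fsmo)
```

With the constructed sample, the gate lists the five role holders and blocks on the DC02 <- DC01 link, which shows three failures.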
