Elevating Domain functional level

Hi guys,

We have an environment with two Windows 2003 servers in remote sites that talk to one another via VPN. Today I went to incorporate a new Windows 2012 R2 server in the hope that I could get rid of one of the old servers. But no, it couldn't be simple could it? The current functional level is set to Windows 2000 so I had to stop the upgrade as it couldn't go further.

If I went ahead and elevated the domain functional level to Windows 2003 are there any risks?

What steps would you take?

Thank you
Speaking of just raising the functional level from 2000 to 2003.
Just run checks to verify things are healthy first (like dcdiag, repadmin).  I've never heard of raising the level causing a problem, only potentially exposing a problem that already existed.
Stuart (Technical Architect - Cloud) commented:
Only if you have existing DCs running server 2000
Lee W, MVP (Technology and Business Process Advisor) commented:
It can't be simple jumping 5 versions.

Provided you have no more 2000 DCs on the network, you shouldn't have any issues upgrading the domain and forest functional levels to 2003. However, there can be a host of other issues and you may find it easier to migrate to 2008 R2 FIRST, then migrate to 2012 R2. (You really should wait 11 years to upgrade your network - VERY problematic).

If you don't have experience doing this, I suggest you set up a test environment and spend a few weeks learning Active Directory and the changes 2012 requires and what to expect. If you don't have the time to waste doing that, I suggest you hire professionals to handle this for you.
Yashy (Author) commented:
Thanks for the feedback guys.

I actually had this passed down to me in the company. This is because the environment is for our shops. We have over 400 Windows XP tills etc which talk to these DC's.

I got the Windows 2012 R2 in order to set up AD with a Windows 2003 functional level. However, seeing as we have two DC's running Windows 2003 but on a 2000 functional level it has become a hassle. I went ahead with DCPromo, but this ended the situation and I didn't go ahead and wanted to ask you guys first.

I know AD, however I have not tried to elevate it from something so old hence my question.
Abraham O'Driscoll (Systems Administrator) commented:
Be very, very careful as this is a one way street procedure.

I would highly recommend doing it in stages, and two over the course of two months so that way you don't do a huge jump and encounter compatibility issues with applications.

2000 to 2003  (No DCs Running 2000)
2003 to 2008 R2 (No DCs Running 2003)
2008 R2 - 2012 R2 (No DCs Running 2008 R2)

Have a read of the TechNet article

As @LeeW suggested please for the love that is all holy, take a copy of the environment if you can and do a simulated upgrade so you know what to watch for.

I am going to reiterate that this is a one way procedure and can go very wrong if you rush through it.
Lee W, MVP (Technology and Business Process Advisor) commented:
If you know AD, then you know raising the domain and forest functional levels from 2000 to 2003 is not generally a problem.

You should also know to run DCDIAG /C /E /V prior to performing any kind of maintenance on AD and / or adding or removing DCs.  And you should know to check DC replication with REPADMIN /SHOWREPL also before doing anything.  You should know to test this in a test environment first.  Asking a question is great... but especially a network of 400 machines (also horribly outdated), you should know these things.

If not, you don't have to admit it to us... but admit it to yourself and that it would be foolish IF YOU DON'T KNOW THESE THINGS for you to be the one proceeding.  If you DON'T know these things for the sake of your job and your company, go to your boss and TELL HIM you are not qualified to do this alone and you need professional expert help... not just in terms of being able to ask questions.

Knowing WHAT to do is just as important in knowing what NOT to do.  Just because it looks like you are able to do something doesn't mean you should do it.  Another thing you should know.

My opinion.
Good Luck.
Senior IT System Engineer (IT Professional) commented:

let us know how it goes.
yo_bee (Director of Information Technology) commented:
Not to disparage your knowledge of AD, but from the way you outline your question you do not seem to have a solid grasp on this technology. You mentioned the reason you are adding a 2012 DC to your environment is to get to a 2003 FL and DL. This component is not needed to get to 2003 level, but is needed for 2013 level. I feel strongly with what Lee recommends and it would be better seeking assistance rather than doing this solo. This can be a great learning experience working with an expert. You do not want to break this because you missed a step or neglected to check which server is responsible for which FSMO role.
Yashy (Author) commented:
Hi guys,

It was very simple to do. We didn't have any Windows 2000 domain controllers in the first place.

Secondly, I checked for which DC had the FSMO roles. The one Domain Controller which is proving problematic had 1 role and that was the Schema Master role.

This is the step by step I took in order for the Domain Functional level to go from Windows 2000 to Windows 2003.

Step 1.

Do a backup of the System state of ALL DC's using the Windows Backup Utility.

Step 2.

Find out which DC has which FSMO roles by opening the command prompt on a DC and running 'NetDOM /query FSMO'. In my case, the problematic server had the Schema Master role. So, I transferred that across to the other Domain Controller with  4 roles.

Step 3.

Go to start-> Run. In there type 'regsvr32 schmmgmt.dll'. Press OK. You should receive a success confirmation.

a. From the Run command open an MMC Console by typing MMC.

b. On the Console menu, press Add/Remove Snap-in.

c. Press Add. Select Active Directory Schema.

d. Press Add and press Close. Press OK.

e. If you are NOT logged onto the target domain controller, in the snap-in, right-click the Active Directory Schema icon in the Console Root and press Change Domain Controller.

f. Press Specify …. and type the name of the new role holder. Press OK.

g. Right-click the Active Directory Schema icon again and press Operation Masters.

Press the Change button.

Press OK all the way out.

Step 4.

Once this was done, I literally went to our problematic domain controller (didn't have to be this one, could have been another DC too) and raised the domain functional level by going into Active Directory Users & Computers and right clicking on the domain name and selecting 'Raise domain functional level'. I selected 2003 and that was it.

I then ensured that this had replicated across to our other sites also by checking the other DC's. It had.

Sorry it took me a while to respond, I was away on holiday. But I thought I would at least share my steps with you.
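
The health checks and FSMO inventory recommended in this thread, collected into one pre-change script. This is an added example, not something posted by any participant; the log directory and the strings matched in the tool output are assumptions, and it expects the Windows Support Tools (dcdiag, repadmin, netdom) to be installed on the DC where it runs.

```batch
@echo off
rem Added example: pre-change health gate to run before raising the
rem domain functional level. Run from a command prompt on a DC.
rem LOGDIR is an assumed path; change it to suit.
setlocal
set LOGDIR=C:\ADPreflight
if not exist "%LOGDIR%" mkdir "%LOGDIR%"

rem 1. Full diagnostics across every DC, as quoted in the thread.
dcdiag /c /e /v > "%LOGDIR%\dcdiag.txt" 2>&1

rem 2. Inbound replication status for this DC.
repadmin /showrepl > "%LOGDIR%\showrepl.txt" 2>&1

rem 3. Record the FSMO role holders before any role is transferred.
netdom query fsmo > "%LOGDIR%\fsmo.txt" 2>&1

set PROBLEMS=0

rem Assumption: dcdiag reports each failing test as "<server> failed test <name>".
findstr /i /c:"failed test" "%LOGDIR%\dcdiag.txt" > "%LOGDIR%\dcdiag_failed.txt"
if not errorlevel 1 (
    echo dcdiag reported failed tests:
    type "%LOGDIR%\dcdiag_failed.txt"
    set PROBLEMS=1
)

rem Assumption: any line containing "fail" in the repadmin output marks a
rem replication attempt that did not succeed.
findstr /i "fail" "%LOGDIR%\showrepl.txt" > "%LOGDIR%\showrepl_failed.txt"
if not errorlevel 1 (
    echo repadmin reported replication failures:
    type "%LOGDIR%\showrepl_failed.txt"
    set PROBLEMS=1
)

echo.
echo Current FSMO role holders:
type "%LOGDIR%\fsmo.txt"

echo.
if "%PROBLEMS%"=="0" echo No failures found. Full logs are in %LOGDIR%.
if "%PROBLEMS%"=="1" echo Resolve the failures above before raising the functional level.
exit /b %PROBLEMS%
```

Keep the saved logs alongside the System State backups from Step 1 so there is a record of the directory's health before the one-way change.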
