Announcement

Collapse
No announcement yet.

Raising Forest Level - Risks & Tests??

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Raising Forest Level - Risks & Tests??

    Hi,

    I've raise all my child domains (8 in total) to function level 2003 and now need to raise the forest level to 2003.

    What are the risk of doing this and are there any test I can do once done to make sure it worked OK?

    Thanks

  • #2
    Re: Raising Forest Level - Risks & Tests??

    Hi,

    The only risk is that the process is irreversible so you'll need to make sure that the OS is supported on that particular Functional level beforehand.

    How to check which domain function level is set for the domain
    • Open the Active Directory Domains And Trusts console
    • Right-click the particular domain whose functional level you want verify, and select Raise Domain Functional Level from the shortcut menu.
    • The Raise Domain Functional Level dialog box opens
    • You can view the existing domain functional level for the domain in Current domain functional level.


    How to check which forest functional level is set for the forest
    • Open the Active Directory Domains And Trusts console
    • Right-click Active Directory Domains and Trusts in the console tree, and select Raise Forest Functional Level from the shortcut menu.
    • The Raise Forest Functional Level dialog box opens
    • You can view the existing domain functional level for the domain in Current forest functional level.


    Also have a look at this for new features introduced in each functional level: http://www.tech-faq.com/forest-and-d...l-levels.shtml
    Last edited by L4ndy; 25th March 2009, 14:46.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Raising Forest Level - Risks & Tests??

      Thanks L4ndy, but I know how to raise the domain/forest level. What I'm not sure about is the risk's with doing this and the testing afterwards.

      Thanks

      Comment


      • #4
        Re: Raising Forest Level - Risks & Tests??

        Originally posted by DThorne View Post
        Thanks L4ndy, but I know how to raise the domain/forest level. What I'm not sure about is the risk's with doing this and the testing afterwards.

        Thanks
        Hi DThorne,

        I didn't tell you how to raise the functional level but to Check it as extracted from the article in the link.
        Also read on the article and check if any of the features introduced in the functional level you have set, Is present.

        Thanks
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR

        Comment


        • #5
          Re: Raising Forest Level - Risks & Tests??

          The risk is low, I've never heard of a functional raise going bad. If it does happen the Schema cannot be authoritatively restored. So you're looking at a complete forest level restore.

          Just unplug a two DCs from each domain, including the root, raise the forest level and if its all good you can plug the others back in after a full replication cycle.

          Comment


          • #6
            Re: Raising Forest Level - Risks & Tests??

            I've never had an issue with raising forest level either. However, I always take a system state backup first of all before making this sort of change.

            Comment


            • #7
              Re: Raising Forest Level - Risks & Tests??

              You could also check it with any of the LDAP tools (ldp.exe, adsiedit.msc)
              You'll need to look for the value of the msDS-Behavior-Version attribute.

              Forest level setting
              The attribute is msDS-Behavior-Version on the CN=Partitions, CN=Configuration, DC=ForestRootDom, DC=tld object.
              • Value of 0 or not set=mixed level forest
              • Value of 1=Windows Server 2003 interim forest level
              • Value of 2=Windows Server 2003 forest level


              Domain functional level setting
              The attribute is msDS-Behavior-Version on the NC head root of each domain DC=Mydomain, DC=ForestRootDom, DC=tld object.
              • Value of 0 or not set=mixed level domain
              • Value of 1=Windows Server 2003 domain level
              • Value of 2=Windows Server 2003 domain level


              Ref: http://support.microsoft.com/kb/322692/en-us
              Caesar's cipher - 3

              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

              SFX JNRS FC U6 MNGR

              Comment


              • #8
                Re: Raising Forest Level - Risks & Tests??

                FYI, I've spent a very very long time justifying such an update to a client's infrastructure, trying to document every possible impact, etc.

                It was a very special domain, with tons of old machines, legacy stuff, etc. Of course, all my DCs were up to date.

                We had no issue with any member servers, and no issue with any application.

                What really helped me justify the move was this document:
                http://support.microsoft.com/kb/322692/en-us - especially the first note:

                Note Network clients can authenticate or access resources in the domain or forest without being affected by the Windows Server 2003 domain or forest functional levels. These levels only affect the way that domain controllers interact with each other.
                VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

                Comment

                Working...
                X