No announcement yet.

Effect of raising domain functional level on AD LDS and IIS

  • Filter
  • Time
  • Show
Clear All
new posts

  • Effect of raising domain functional level on AD LDS and IIS

    I currently have an instance of AD LDS running on a 2008 R2 member server, with an application running in IIS (.net 4.0) which uses integrated authentication to authenticate users, does queries to AD, and updates certain fields in AD, and in the local ADLDS instance. The current domain functional level is 2003 R2. The plan is to raise the domain functional level to 2012 R2. My questions:

    What are the potential problems for reading/writing to AD? For ADLDS? for IIS, integrated authentication?
    Is there anything I will need to do? hotfixes?


  • #2
    There shouldn't be any issues for you current systems, however I cannot guarantee this due to not knowing your infrastructure. Typically though updating these levels only has an impact on AD rather than applications that leverage AD.

    I would start reading here

    Then you can get more info here

    As always have a proper test bed and ensure that you test the upgrade prior to rolling back. In the first article there is a rollback method but it is NOT simple to do, well it is it just involves a massive amount of work on your part.


    • #3
      Sadly, I'm just a small part of the change, and I wont be able to test prior to the upgrade, and only have a few hours to get everything working following the upgrade, sigh... so that's why I'm trying to get as much info about what to expect as possible! Thanks!


      • #4
        Everything should be fine as it only really affects AD and not applications that are tied to AD.

        Shouldn't those who have the authority to do so have this fully tested for functionality?