Announcement

Collapse
No announcement yet.

Raising Domain functional level

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Raising Domain functional level

    Hi,
    We have a 2K3 Domain Controller and another DC working as replication partner.

    The other Servers are member server running Win 2K with only one member server running legacy application on Win NT.

    All our workstations are Win XP SP2.

    There is a DHCP running on the Domain controller as well.

    During the intial installation of the DC it was installed as Win 2K native domain.

    I have read that by raising the functional level we get additional AD features.

    Now after three months of smooth run, the following questions are coming in my mind:
    1. If we want to raise the functional level to Win 2K3 then what are the risks in our environment mentioned above.
    2. Since everything is working fine, what exactly do we achieve by raising the functional.


    The process seems to be straight forward however, do I need to take any additional precaution.

    Cheers,

    Pankajb

  • #2
    Re: Raising Domain functional level

    I guess your "other DC" is also Windows 2003?
    As long as all DC's on the domain are all Windows 2003 then you can move to the Native Mode. Member servers won't be affected.

    Features
    Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

    Comment


    • #3
      Re: Raising Domain functional level

      http://technet2.microsoft.com/window....mspx?mfr=true Has a good list of features that differ from 2000 mixed, 2000 native, and 2003 native.

      IMO the Group Nesting that is in 2000 native is a MAJOR upgrade over 2000 mixed.

      Also, what you gain by doing it now is that eventually, when you get some new applications that require a 2003 Native mode, it will already be done

      (let's say you want to get some Win 2008 RODCs, your functional level will need to be 2003+)

      Edit: Oh, just saw someone else posted that link before me.
      VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

      Comment


      • #4
        Re: Raising Domain functional level

        Thanks to SK and gepeto for your replies and the links.
        Those links gave me quite a lot of info.

        Yes, the other DC is Windows 2003 and SK mentioned that everything should be fine with the member servers.

        Any preventive measures recommended before I click on the Raise button.


        Cheers,

        Pankajb

        Comment


        • #5
          Re: Raising Domain functional level

          If you meet the requirements of all DC's being Windows 2003 then you have nothing to fear

          Click it and watch... nothing exciting happen.

          PS: Say thank you with the reputation button
          Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

          Comment


          • #6
            Re: Raising Domain functional level

            One big advantage in Windows 2003 Forest and Domain Functional Level is the ability to replicate on attribute basis rather than object basis between Domain Controllers. Also for organizations who have a firm hand on auditing and security, the Logoff time stamp in the additional account information under the Active Directory Users and Computers is a welcome.
            MCSE : Windows Server 2003

            Comment


            • #7
              Re: Raising Domain functional level

              I'm not sure if its 2000 or 2003 native mode but you cannot use Policies in Routing and Remote access until you increase the DFL.
              Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

              Comment


              • #8
                Re: Raising Domain functional level

                Just take system state backups of your domain controllers.

                If you have a problem, reboot them all in Restore mode at the same time and restore them all.
                VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

                Comment


                • #9
                  Re: Raising Domain functional level



                  Or alternatively you could restore ONE and make it Authoritative... it will replicate the domain to the others.


                  Tom
                  For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                  Anything you say will be misquoted and used against you

                  Comment


                  • #10
                    Re: Raising Domain functional level

                    I'm yet to see problems arise due to raising functional levels for a domain.
                    Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

                    Comment


                    • #11
                      Re: Raising Domain functional level

                      Same for me too but saying that is like tempting fate now..
                      cheers
                      Andy

                      Please read this before you post:


                      Quis custodiet ipsos custodes?

                      Comment


                      • #12
                        Re: Raising Domain functional level

                        Originally posted by Stonelaughter View Post


                        Or alternatively you could restore ONE and make it Authoritative... it will replicate the domain to the others.
                        Yes indeed especially if you have many domain controllers !

                        Edit: Apparently does not work , see http://support.microsoft.com/kb/322692/en-us
                        Last edited by gepeto; 21st April 2008, 19:53. Reason: Authoritative restore not good
                        VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

                        Comment


                        • #13
                          Re: Raising Domain functional level

                          Hi All,
                          That was a really awesome response from you'll and I am greatly indebted.

                          From the responses I could gather that it will be beneficial to raise the Domain functional level.

                          However, as I said that after having a smooth run for last few months I am still worried to click on the Raise button.

                          SK's Comment:
                          I'm yet to see problems arise due to raising functional levels for a domain.
                          SK's comment provokes me to click on the button straight away.

                          AndyJG247's comment :
                          Same for me too but saying that is like tempting fate now..
                          AndyJG247's comment gives me jitters.

                          However, you all mentioned that Authoritive restore will solve the problem if disaster strikes.

                          I take my System state backup everyday. Didn't require to perform any Authoritive restoration so far, hence I would try it out on a test setup and then perform the domain functional raise.

                          Thanks once again.

                          Cheers,

                          Pankajb

                          Comment


                          • #14
                            Re: Raising Domain functional level

                            Personally I wouldn't worry about the second part of my comment.
                            cheers
                            Andy

                            Please read this before you post:


                            Quis custodiet ipsos custodes?

                            Comment


                            • #15
                              Re: Raising Domain functional level

                              Originally posted by pankajb View Post
                              Hi All,

                              However, you all mentioned that Authoritive restore will solve the problem if disaster strikes.

                              Sorry about that.

                              From http://support.microsoft.com/kb/322692/en-us

                              Before the back out plan can be used, all domain controllers in the forest must be decommissioned before the recovery process. Note that level increases cannot be authoritatively restored. So all domain controllers that are replicated in the level increase must be decommissioned.
                              After all the previous domain controllers are decommissioned, bring up the disconnected domain controllers or restore the domain controllers from backup. Remove the metadata from all the other domain controllers, and then re-promote them. This is a non-trivial process and must be avoided.
                              VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

                              Comment

                              Working...
                              X