Tuesday, October 04, 2011

Raising Windows Server 2008 Active Directory Domain and Forest Functional Levels


When the first Windows Server 2008–based Domain Controller is deployed in a domain or forest, the domain or forest operates by default at the lowest functional level that is possible in that environment, meaning Windows 2000 Native Mode. This allows you to take advantage of the default Active Directory features while running versions of Windows earlier than Windows Server 2008. When you raise the functional level of a domain or forest, a set of advanced features becomes available.
 
Note: In the Windows Server 2008 version of DCPROMO, when you install a new domain in a new forest, you are prompted for the function level of your choice. Therefore, it may very well be that a brand new installation of Active Directory will not hold the "default" domain or forest function levels.


Raising Domain Function Levels

To activate new domain features that available in Windows Server 2008, all domain controllers in the domain must be running Windows Server 2008. After this requirement is met, the administrator can raise the domain functional level to Windows Server 2008.
Important
Raising the domain functional levels to Windows Server 2008 is a nonreversible task and prohibits the addition of Windows 2000–based or Windows Server 2003–based Domain Controllers to the environment. Any existing Windows 2000–based or Windows Server 2003–based Domain Controllers in the environment will no longer function, and in fact, the upgrading wizard will not allow you to continue with the operation. Before raising functional levels to take advantage of advanced Windows Server 2008 features, ensure that you will never need to install domain controllers running Windows 2000-based or Windows Server 2003–based Domain Controllers in your environment.
Membership in Domain Admins, Enterprise Admins, or equivalent, is the minimum required to complete this procedure.
In order to raise the domain functional level:
  1. Log on the PDC Emulator of the domain with domain administrator credentials.
  2. Note: The PDC Emulator is usually the first DC in the domain.
  3. Open Active Directory Users and Computers by clicking Start > All Programs > Administrative Tools, and then click Active Directory Users and Computers (you can also perform this action from the Active Directory Domains and Trusts snap-in).
  4. In the console tree, right-click the domain node and then click Raise Domain Functional Level.

  5. Under Select an available domain functional level, do one of the following:
  6. Click Windows Server 2003, and then click Raise to raise the domain functional level to Windows Server 2003.
    or
    Click Windows Server 2008, and then click Raise to raise the domain functional level to Windows Server 2008.

  7. Read the warning message, and if you wish to perform the action, click Ok.

  8. You will receive an acknowledgement message telling you that the operation was completed successfully. Click Ok.

  9. You can check the function level by performing step 3 again and viewing the current function level.
Note: The current domain functional level appears under Current domain functional level in the Raise Domain Functional Level dialog box. The level increase is performed on the PDC Emulator FSMO and requires the domain administrator.

Raising Forest Function Levels

To activate new forest features that available in Windows Server 2008, all domain function levels in the forest must be running in Windows Server 2008 mode. After this requirement is met, the administrator can raise the forest functional level to Windows Server 2008.
Note that domains that are set to the domain functional level of Windows Server 2003 will automatically be raised to Windows Server 2008 at the same time that the forest functional level is raised to Windows Server 2008.
Important
Raising the forest functional levels to Windows Server 2008 is a nonreversible task and prohibits the addition of Windows 2000–based or Windows Server 2003–based Domain Controllers to any of the domains in the environment. Any existing Windows 2000–based or Windows Server 2003–based Domain Controllers in the environment will no longer function, and in fact, the upgrading wizard will not allow you to continue with the operation. Before raising functional levels to take advantage of advanced Windows Server 2008 features, ensure that you will never need to install domain controllers running Windows 2000-based or Windows Server 2003–based Domain Controllers in your environment.
Membership in Enterprise Admins, or equivalent, is the minimum required to complete this procedure.
In order to raise the forest functional level:
  1. Log on to the PDC Emulator of the forest root domain with a user account that is a member of the Enterprise Administrators group.
  2. Open Active Directory Domains and Trusts by clicking Start > All Programs > Administrative Tools, and then click Active Directory Domains and Trusts.
  3. In the console tree, right-click Active Directory Domains and Trusts, and then click Raise Forest Functional Level.

  4. Under Select an available forest functional level, do one of the following:
  5. Click Windows Server 2003, and then click Raise to raise the forest functional level to Windows Server 2003.
    or
    Click Windows Server 2008, and then click Raise to raise the forest functional level to Windows Server 2008.

  6. Read the warning message, and if you wish to perform the action, click Ok.

  7. You will receive an acknowledgement message telling you that the operation was completed successfully. Click Ok.

  8. You can check the function level by performing step 3 again and viewing the current function level.
Note: To raise the forest functional level to Windows Server 2008, you must upgrade (or demote) all existing Windows 2000 or Windows Server 2003 Domain Controllers in your forest.
If you cannot raise the forest functional level, you can click Save As in the Raise Forest Functional Level dialog box to save a log file that specifies which domain controllers in the forest still must be upgraded from older operating systems.

No comments:

Post a Comment