Raising Domain Functional / Forest Functional Levels

Hi guys,

I've upgraded my AD servers to Windows 2012 and have removed all the Windows 2003 servers in my network.

However, I wish to implement fine grained password policy. However, my Forest and Domain Functional levels are still at 2003. The minimum requirement for fine grained password policy states that the domain functional level must be set to Windows Server 2008 or higher.

How do I go about raising the Forest / Domain functional level? Which functional level should I raise first (the forest or domain)? Will there be any downtime and implications if I were to perform the raise?

Thanks guys!!

February 8th, 2015 9:11pm

Hi guys,

I've upgraded my AD servers to Windows 2012 and have removed all the Windows 2003 servers in my network.

However, I wish to implement fine grained password policy. However, my Forest and Domain Functional levels are still at 2003. The minimum requirement for fine grained password policy states that the domain functional level must be set to Windows Server 2008 or higher.

How do I go about raising the Forest / Domain functional level? Which functional level should I raise first (the forest or domain)? Will there be any downtime and implications if I were to perform the raise?

Thanks guys!!

There will be no downtime when raising your Domain Functional Level or Forest Functional Level.

All you need to know is that by raising your DFL to Windows Server 2008 or higher, you will not be able to set it back to Windows Server 2003 without a recovery from backup (This is not a reversible operation without restore). Also, you will need to have DCs that are running OSs with the same level as your DFL or higher.

If you are not planning to add DCs that are running OSs lower than Windows Server 2012 then simply raise your DFL and FFL to Windows Server 2012. FYI, as long as you have not enabled AD recycle Bin, you can downgrade the DFL and FFL to Windows Server 2008.

More about the benefits you can take by raising your DFL and FFL here: https://technet.microsoft.com/en-gb/library/understanding-active-directory-functional-levels(v=ws.10).aspx

Free Windows Admin Tool Kit Click here and download it now
February 9th, 2015 3:58am

Hi,

As suggested by Ahmed in previous post please make a note that the process of raising DFL/FFL is not a reversible operation without restore. Before proceeding further with the change please review your AD environment. Make sure that AD replication & DNS are healthy on available domain controllers.

To understand Functional levels better please refer:
https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(WS.10).aspx

http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx


Also note that you can lower functional levels to from 2012 \ 2012 R2 to 2008 R2 OR from 2008 R2 to 2008 but you cannot lower than that:
http://support.microsoft.com/kb/2753560

 

Warm regards,

Gauresh Sakhalkar.
MCSA: 2012

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

February 9th, 2015 7:09am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics