Issues changing from 2000 native domain functional level to 2003?

Discussion in 'Active Directory' started by Jims, Dec 30, 2005.

  1. Jims

    Jims Guest

    I am looking for any undocumented feedback and experiences from anyone who
    has upgraded their AD 2003 domain from 2000 native to 2003 domain functional
    level. Has anyone experiences problems, disruptions, legacy or MAC login
    problems? We are mostly XP but have some 2k, NT, 9x, WinCe (PDAs), and
    various MAC versions on our network and are concerned about potential domain
    authentication issues as a result of switching to domain functional 2003.
    Is this really a one way (no backing out) change or can you revert to 2000
    native if necessary? Any feedback would be appreciated.
    Thank you,
    Jim
     
    Jims, Dec 30, 2005
    #1
    1. Advertisements

  2. Make sure the legacy OS (Windows 9X) contains dsclient already installed to
    make sure authentication will not be a issue.
    Also, for roll back, only a healthy backup should save you.
    And, of course, kill all NT PDC /BDC , if do apply.
     
    Danilo Bordini [MSFT], Dec 30, 2005
    #2
    1. Advertisements

  3. If he had W9x clients, even with the w2k3 AD domain at native 2000 FL, he
    would already have had issues if he did not have installed the DSclient or
    disabled SMB signing...

    In a w2k3 AD domain at native 2000 FL there are should be already no NT DCs.
    Only possible with DFL mixed 2000.

    I do agree on the backup thing. The only way to go is to have a backups (at
    least system disk and system state) of the current DCs

    The only issue I know with increasing a functional level is with exchange
    2000 when the forest functional level is increased to w2k3. Exchange 2000
    (and possible other apps) do not understand Linked value Replication!

    --
    Cheers,
    # Jorge de Almeida Pinto #
    BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
     
    Jorge de Almeida Pinto, Dec 30, 2005
    #3
  4. I agree with Jorge on this, auth will not be an issue if isn't already. Domain
    mode doesn't impact the auth mechanisms handled by the DCs.

    The best thing though is to test your critical LOB apps in the lab and see if
    they experience a problem. I haven't seen nor heard of issues with DFL2, though
    I have heard of people running into issues with Forest Functional Mode if they
    are running Exchange 2000 or the ADC from Exchange 2000. If you have that
    combination, search the MSKB for articles on it. Basically it breaks the syncing
    processes because the E2K tools weren't capable of properly handling linked
    value replication updates which get turned on in FFL.
     
    Joe Richards [MVP], Dec 30, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.