Raising forest/domains to Windows 2003 functional level

Discussion in 'Active Directory' started by Bill-MT, Aug 2, 2006.

  1. Bill-MT

    Bill-MT Guest

    Background:

    I have a Forest with seven Windows 2003 domain controllers recently migrated
    from W2K3-SP1 to W2K-R2.

    Three of these are in the ROOT domain (schema management only, no users)
    Four of these are in the USER domain (user accounts, Exchange 2003 site).

    I also recently migrated my Exchange site from 2000-sp3 to 2003-sp2.

    I have the following services running
    against my Active Directory forest in the User domain.
    - a couple of unix servers running the SAMBA service for individual
    departments.
    - a web services group running CAS to provide web application authentication.
    - a Cisco RADIUS server providing WPA authentication to a wireless LAN.

    Almost all my clients are running WindowsXP-sp2.


    Question:

    I'd like to raise the functional level of my forest and domains from Windows
    2000 native to Windows 2003.

    Is there any reason I should "not" do this?
    Will it break anything?
     
    Bill-MT, Aug 2, 2006
    #1

  2. Jorge de Almeida Pinto [MVP], Aug 2, 2006
    #2

  3. Hi,

    Yes, I have no idea why we don't raise the function level.

    Jorge provided great information. Thanks. :)

    Have a good day!


    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

    ======================================================
    Get Secure! - www.microsoft.com/security
    ======================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others
    may learn and benefit from this issue.
    ======================================================
    This posting is provided "AS IS" with no warranties,and confers no rights.
    ======================================================



    --------------------
     
    Vincent Xu [MSFT], Aug 3, 2006
    #3
  4. Bill-MT

    Bill-MT Guest


    It was a great reference, thanks for the KB, but...
    it only goes part of the way to answer my question.

    Testing is "not" practical as both SAMBA and CAS are run by different groups
    in the organization. I don't know the OSs (SunOS and CentOS) that these apps
    run under and I don't know the applications themselves.

    I'm pretty much between the rock and the hard place here. I want to raise
    my forest and domains to the highest level I can, but there is no way "I"
    can test against those applications.

    So, what can I do safely?

    Can I raise the level of the ROOT domain since the accounts accessed by
    SAMBA and CAS don't live there?

    Can I raise the FOREST while not raising the level of the USER domain?

    Does raising anything make any sense if I can't raise the USER domain -
    where my users live and my Exchange site runs? What do I gain here if I
    can't safely raise the USER domain's functional level?

    I'm sure you guys know this 'stuff' better than me. Any advice you can give
    regarding what you would do "in this situation" would be helpful.
     
    Bill-MT, Aug 3, 2006
    #4
  5. Hi Bill,

    Domain and forest functionality provides a way to enable domain- or
    forest-wide Active Directory features within your network environment.
    Different levels of domain functionality and forest functionality are
    available depending on your environment.

    If all domain controllers in your domain or forest are running Windows
    Server 2003 and the functional level is set to Windows Server 2003, all
    domain- and forest-wide features are available. When Windows NT 4.0 or
    Windows 2000 domain controllers are included in your domain or forest with
    domain controllers running Windows Server 2003, Active Directory features
    are limited.

    Check the following article:

    <http://technet2.microsoft.com/WindowsServer/en/library/83347346-54d4-4963-8a4a-370a127fb3751033.mspx?mfr=true>

    You can get more information about domain and forest function levels there.
    Honestly, I don't have much knowledge about SAMBA and CAS. Regarding their
    effect after raising the function level, I'd like to suggest you ask
    SAMBA and CAS specialists for assistance. However, if you need any
    information from the Windows AD side, please feel free to let me know. I'm
    glad to provide assistance.


    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

     
    Vincent Xu [MSFT], Aug 4, 2006
    #5
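
The domain-controller prerequisite described in the reply above can be inventoried before any raise. This is an added example, not part of the original thread: it assumes the ActiveDirectory PowerShell module (which postdates this discussion) and read access to every domain, and the helper name `Test-Below2003` is hypothetical. It is read-only and covers only domain controllers, not third-party clients such as SAMBA or CAS.

```powershell
# Added example: read-only inventory of functional levels and DC operating systems.
# Assumption: run from a host with the ActiveDirectory module (RSAT) installed.
Import-Module ActiveDirectory

function Test-Below2003 ([string]$OsVersion) {
    # OperatingSystemVersion looks like "5.2 (3790)"; compare the major.minor part.
    if ($OsVersion -match '^(\d+\.\d+)') {
        return ([version]$Matches[1]) -lt [version]'5.2'   # 5.2 = Windows Server 2003
    }
    return $true   # unknown version: treat as a blocker until checked by hand
}

$forest = Get-ADForest
Write-Output ("Forest {0}: functional level {1}" -f $forest.Name, $forest.ForestMode)

$report = foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName -Server $domainName
    # Every domain controller in this domain, with the OS it reports
    foreach ($dc in Get-ADDomainController -Filter * -Server $domainName) {
        [pscustomobject]@{
            Domain           = $domainName
            DomainMode       = $domain.DomainMode
            DomainController = $dc.HostName
            OperatingSystem  = $dc.OperatingSystem
            OSVersion        = $dc.OperatingSystemVersion
            Below2003        = Test-Below2003 $dc.OperatingSystemVersion
        }
    }
}

$report | Sort-Object Domain, DomainController | Format-Table -AutoSize

# A single pre-2003 domain controller keeps its domain, and the forest, from being raised.
$blockers = @($report | Where-Object { $_.Below2003 })
if ($blockers.Count -gt 0) {
    Write-Warning ("{0} domain controller(s) are below Windows Server 2003:" -f $blockers.Count)
    $blockers | ForEach-Object { Write-Warning ("  {0} ({1})" -f $_.DomainController, $_.OSVersion) }
} else {
    Write-Output "All domain controllers report Windows Server 2003 or later."
}
```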
  6. Bill-MT

    Bill-MT Guest

    Since I only have two weeks before semester start, I think I'm going to
    'hold' on raising anything at this point. The only feature I had read about
    that I thought might be useful to us right now is the 'large' group
    replication feature change as I do have a group that has about 3500+ members.

    I guess we think alike as I've already asked the CAS and SAMBA groups to do
    some research on this issue.

    Can you tell me how the next OS (Longhorn?) might play into this issue... I
    assume it's at a 'higher' functional level than 2003, so at some point I'll
    have to move off of 2000-native functionality anyway....

    I guess what is slowing me down here is the "recovery" line that says...
    "this is a non-trivial process and must be avoided".

    thanks for your help. - bill.
     
    Bill-MT, Aug 4, 2006
    #6
  7. Hi,

    "I do have a group that has about 3500+ members." ---- Yes, it is a
    feature of the new function level. :)

    Regarding the next generation OS, I also guess we may have a new function
    level at least. :)

    Have a good day!



    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

     
    Vincent Xu [MSFT], Aug 7, 2006
    #7
