{"id":396,"date":"2015-07-08T12:53:24","date_gmt":"2015-07-08T16:53:24","guid":{"rendered":"https:\/\/jackhanington.com\/blog\/?p=396"},"modified":"2015-07-08T12:54:10","modified_gmt":"2015-07-08T16:54:10","slug":"upgrade-active-directory-functional-level","status":"publish","type":"post","link":"https:\/\/jackhanington.com\/blog\/2015\/07\/08\/upgrade-active-directory-functional-level\/","title":{"rendered":"Upgrade Active Directory Functional Level"},"content":{"rendered":"<p>If you are a systems administrator for an older company (like me), you probably have a few servers running Microsoft&#8217;s <a href=\"https:\/\/en.wikipedia.org\/wiki\/Windows_Server_2003\">Windows Server 2003<\/a> operating system on your network. Most sysadmins are aware that <a href=\"https:\/\/www.microsoft.com\/en-us\/server-cloud\/products\/windows-server-2003\/\">support for Windows Server 2003 will end on July 14, 2015<\/a> (6 days from writing this post), which means no more software and security updates from the folks over in Redmond. Luckily our company has\u00a0a big enough IT budget to have purchased Server 2008 licenses a long time ago but migrating servers is a slow and daunting task. One of the last 2003 servers we have on our network is a 2003 domain controller. Replacing this DC are two 2008 R2 AD servers but we need to demote the 2003 server and raise the functionality level of our domain so we can use new features like the AD recycle bin which lets admins restore deleted objects from active directory.\u00a0Older AD functionality is still supported so any applications or services that used those functions will continue to work as before.<\/p>\n<p>&nbsp;<\/p>\n<hr \/>\n<p>&nbsp;<\/p>\n<p>First we need to run\u00a0demote the 2003 server.<\/p>\n<p><strong>Note<\/strong>: <em>you need to have at least another domain controller in your network, otherwise you will lose your entire AD<\/em>.<\/p>\n<ol class=\"ordered\">\n<li>On your 2003 domain controller, log in using a domain admins account.<\/li>\n<li>Click <strong>Start<\/strong>, and then click <strong>Run<\/strong>.<\/li>\n<li>In <strong>Open<\/strong>, type <strong>dcpromo<\/strong> to open the Active Directory Installation Wizard, and then click <strong>Next<\/strong>.<\/li>\n<li>On the <strong>Remove Active Directory<\/strong> page, click <strong>Next<\/strong>, and then continue to follow the wizard.<\/li>\n<\/ol>\n<p>After your server is demoted, we need to raise the functionality of our domain.<\/p>\n<p>To check the functionality level of your domain, open up powershell and type these commands<\/p>\n<pre class=\"PowerShellColorizedScript\"># Get the Forest functional level            \r\n(Get-ADForest).ForestMode            \r\n            \r\n# Get the Domain functional level            \r\n(Get-ADDomain).DomainMode<\/pre>\n<p>And you should get results like mine.<\/p>\n<p><a href=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/domain.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-397\" src=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/domain.png\" alt=\"domain\" width=\"481\" height=\"117\" srcset=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/domain.png 481w, https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/domain-300x73.png 300w\" sizes=\"auto, (max-width: 481px) 100vw, 481px\" \/><\/a><\/p>\n<p>Now, lets raise the functional level&#8230;.<\/p>\n<p>On your 2008 domain controller, open up <strong>Active\u00a0Directory\u00a0Domains\u00a0and Trusts<\/strong>, right click your domain and click<strong> Raise Domain Functional Level&#8230;\u00a0<\/strong><\/p>\n<p><a href=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/level.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-398\" src=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/level.png\" alt=\"level\" width=\"499\" height=\"296\" srcset=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/level.png 499w, https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/level-300x178.png 300w\" sizes=\"auto, (max-width: 499px) 100vw, 499px\" \/><\/a><\/p>\n<p>On the <strong>Raise domain functional level<\/strong> page, choose Windows Server 2008 if you AD is running Server 2008 or Windows Server 2008 R2 if you are running Server 2008 R2. Click <strong>Raise<\/strong>.<\/p>\n<p><a href=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/raise.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-400\" src=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/raise.png\" alt=\"raise\" width=\"482\" height=\"328\" srcset=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/raise.png 482w, https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/raise-300x204.png 300w\" sizes=\"auto, (max-width: 482px) 100vw, 482px\" \/><\/a><\/p>\n<p>That is it for the domain.<\/p>\n<p>To raise the forest functional level, on the same\u00a0<strong>Active\u00a0Directory\u00a0Domains\u00a0and Trusts page<\/strong>, right click\u00a0<strong>Active\u00a0Directory\u00a0Domains\u00a0and Trusts<\/strong> and click<strong> Raise Forest Functional Level&#8230;\u00a0<\/strong><\/p>\n<p><a href=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/level-forest.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-401\" src=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/level-forest.png\" alt=\"level forest\" width=\"383\" height=\"289\" srcset=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/level-forest.png 383w, https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/level-forest-300x226.png 300w\" sizes=\"auto, (max-width: 383px) 100vw, 383px\" \/><\/a><\/p>\n<p>Pick the appropriate forest functional level from before and click <strong>Raise<\/strong>.<\/p>\n<p><a href=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/raise-forest.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-402\" src=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/raise-forest.png\" alt=\"raise forest\" width=\"478\" height=\"324\" srcset=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/raise-forest.png 478w, https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/raise-forest-300x203.png 300w\" sizes=\"auto, (max-width: 478px) 100vw, 478px\" \/><\/a><\/p>\n<p>Check to see if the levels were\u00a0raised using the same powershell commands from before.<\/p>\n<pre class=\"PowerShellColorizedScript\"># Get the Forest functional level            \r\n(Get-ADForest).ForestMode            \r\n            \r\n# Get the Domain functional level            \r\n(Get-ADDomain).DomainMode<\/pre>\n<p>You should see your updated results.<\/p>\n<p><a href=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/domain-new.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-403\" src=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/domain-new.png\" alt=\"domain-new\" width=\"455\" height=\"106\" srcset=\"https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/domain-new.png 455w, https:\/\/jackhanington.com\/blog\/wp-content\/uploads\/2015\/07\/domain-new-300x70.png 300w\" sizes=\"auto, (max-width: 455px) 100vw, 455px\" \/><\/a><\/p>\n<p>And that is it. Good luck with the rest of you migration!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you are a systems administrator for an older company (like me), you probably have a few servers running Microsoft&#8217;s Windows Server 2003 operating system on your network. Most sysadmins are aware that support for Windows Server 2003 will end on July 14, 2015 (6 days from writing this post), which means no more software&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[20,3,67,4,6],"tags":[95,14,96,100,98,97,118,99,13,94,115,93],"class_list":["post-396","post","type-post","status-publish","format-standard","hentry","category-blog","category-information-technology","category-microsoft","category-servers","category-windows","tag-95","tag-14","tag-active-directory","tag-ad","tag-domain-controller","tag-functional-level","tag-microsoft","tag-powershell","tag-server","tag-server-2003","tag-windows","tag-windows-server"],"_links":{"self":[{"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/posts\/396","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/comments?post=396"}],"version-history":[{"count":1,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/posts\/396\/revisions"}],"predecessor-version":[{"id":404,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/posts\/396\/revisions\/404"}],"wp:attachment":[{"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/media?parent=396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/categories?post=396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/tags?post=396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}