Raising Forest Functional Level

 

Introduction

This article describes how to raise Forest Functional Level and how to do that. But at the first stage, we will focus on prerequisites for this action.

Forest Functional Level determines which features are available in a forest (each domain within a forest) and which operating systems may act as Domain Controllers. This is really important to understand it appropriately before you start raising FFL.

Important! The most important thing is that raising FFL into higher level is one time action and cannot be reverted using the same console to previous state or lower mode. You need to restore your forest from backup. So, before doing that, please consider it wisely.

Note! There is one scenario when you can go back with Forest Functional Level without using backup. This situation is when you have Windows Server 2008R2 FFL and you did not enable Active Directory Recycle Bin. Only then you can go back.

You can raise Forest Functional Level using this tool:

  • Active Directory Domains and Trusts

To be able to raise FFL, user account on which you want to do the action, must be a member of “Enterprise Administrators” group.

We have currently 8 Doman Functional Levels available:

  • Windows 2000 Native
  • Windows Server 2003 Interim
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008R2
  • Windows Server 2012
  • Windows Server 2012R2
  • Windows Server 2016

and mentioned beta FFL Windows Server 8 Beta (which probably would be changed to Windows Server 2012 in final release)
Each Forest Functional Level introduces new features in a forest. So, that’s why it is worth raising. This short brief shows what kind of features we have in each FFL:

Windows 2000 Native mode [1]

  • Domain Name change
  • Universal Distribution Groups
  • Group Nesting for Distribution Groups
  • Group Nesting for Domain Local Security Groups which can contain Global Security Groups as members

In this mode, you can only use these Operating Systems as Domain Controllers in whole forest (in each domain):

  • Windows 2000 Server
  • Windows Server 2003
  • Windows Server 2003R2
  • Windows Server 2008
  • Windows Server 2008R2

To be able to set up Windows 2000 Native FFL, all domains in a forest must be operating at Domain Functional Level Windows 2000 Native mode (more about DFL in my previous article)

Windows Server 2003 mode [1]
All Windows 2000 Native mode features plus:

  • Forest trust
  • Domain rename
  • Linked-value replication
  • The ability to deploy a read-only domain controller (RODC)
  • Improved Knowledge Consistency Checker (KCC) algorithms and scalability
  • The ability to convert an inetOrgPerson object instance into a User object instance
  • Deactivation and redefinition of attributes and classes in the schema
  • Domain-based DFS namespaces running in Windows Server 2008 Mode

In this mode, you can only use these Operating Systems as Domain Controllers in whole forest (in each domain):

  • Windows Server 2003
  • Windows Server 2003R2
  • Windows Server 2008
  • Windows Server 2008R2

To be able to set up Windows Server 2003 FFL, all domains in a forest must be operating at Domain Functional Level Windows Server 2003 mode (more about DFL in my previous article)

Windows Server 2008 mode [1]
All Windows Server 2003 mode features. There is no new features introduced.

In this mode, you can only use these Operating Systems as Domain Controllers in whole forest (in each domain):

  • Windows Server 2008
  • Windows Server 2008R2

To be able to set up Windows Server 2008 FFL, all domains in a forest must be operating at Domain Functional Level Windows Server 2008 mode (more about DFL in my previous article)

Windows Server 2008R2 mode [1]
All Windows Server 2008 mode features plus:

  • Active Directory Recycle Bin

In this mode, you can only use Windows Server 2008R2 as Domain Controllers in whole forest. There is no possibility to run the older operating systems as Domain Controllers in this mode.

To be able to set up Windows Server 2008R2 FFL, all domains in a forest must be operating at Domain Functional Level Windows Server 2008R2 mode.

Windows Server 2012 mode [1]
All Windows Server 2008R2 mode features but no additional features.

All domains that are subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

Windows Server 2012R2 mode [1]
All of the features that are available at the Windows Server 2012 forest functional level, but no additional features.

All domains that are subsequently added to the forest will operate at the Windows Server 2012 R2 domain functional level by default.

Note! Simply saying, the lowest Domain Functional Level within a forest, the highest possible Forest Functional Level

That’s all about theory, now we will see, how to do that.

We know everything what we should know about FFLs and we can start raising it.

 

Scenario

This is a single forest, multiple domain environment where testenv.local is forest root domain. There are also two other child domains: child.testenv.local and child2.testenv.local.

Domain Functional Level each of them is:
testenv.local              – Windows Server 2008R2 mode
child.testenv.local    – Windows 2000 Native mode
child2.testenv.local  – Windows 2000 Mixed mode

as in my forest there is no more Windows NT4, Windows 2000 Server and I do not plan to use them anymore, I would raise my forest Functional Level into Windows Server 2003 mode. But first of all, my child domain’s DFL must be raised up.

For child.testenv.local I will raise DFL into Windows Server 2008R2 (as there are only Windows Server 2008R2 Domain Controllers)
For child2.testenv.local I will raise DFL into Windows Server 2003 (as there are no older Domain Controllers that 2003, and I cannot raise it higher because server 2003 is still used for DCs)

After that, the lowest DFL in my forest will be child2.testenv.local which is Windows Server 2003. So, the highest possible Forest Functional Level is Windows Server 2003.

I will only show you, how to raise Forest Functional Level. For information about raising DFL, please read my previous article about that.

Raising Forest Functional Level using Active Directory Domains and Trusts console

Open Active Directory Domains and Trusts console from “Administrative Tools” and select root node

Active Directory Domains and Trusts console

Click right mouse button on it and choose “Raise Forest Functional Level…” option from the list

Choosing an option to raise FFL

From the drop down list choose suitable Forest Functional Level (in this case it is Windows Server 2003) and click on “Raise” button

Available FFL options

FFL selected

confirm that you are sure what you are doing

Confirmation

Congratulations! Your Forest Functional Level has been raised up!

FFL has been raised up

Current FFL mode

That’s all!

<<< Previous part

Author: Krzysztof Pytko

[1] http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels%28WS.10%29.aspx

Facebooktwittergoogle_plusredditpinterestlinkedinmail