Since Windows Server 2008 R2 and now with Windows Server 2012(R2)you can roll back the domain and forest functional level under certain conditions. This was not possible before with previous versions of Windows. In these cases you would have to revert to a restore from backup. Yup pretty hefty so raising functional levels has to be done with care.
Now this isn’t a free fire zone there are some conditions as listed in the table below.
So you cannot have advanced features like the AD recycle bin enabled in some conditions. Enabling this is irreversible, so you cannot revert the Forest Functional Level of your environment to a level that supports the AD recycle bin when it has been enabled. Today that means from Windows Server 2012(R2) to Windows Server 2008 R2.
You also need Enterprise Administrator rights to do so, which I hope you’ll understand. It’s also a Windows PowerShell only feature (Set-ADDomainMode).
I used this information recently during an upgrade of an Windows Server 2008 R2 domain to Windows Server 2012 where they wanted to raise the domain and forest functional level. As they had a Forest Trust between the (now) Windows Server 2012 forest/domain and another Windows Server 2008 R2 forest/domain. They had enabled the Recycle Bin when still at Windows 2008 R2. They wanted to know if they would have issues with the trust and if so whether they could revert the levels in that case.
Well I could put their mind at ease. Look at the table. Yes you can go back to Windows 2008 R2 Forest Functional level as that’s a version that also supports AD Recycle bin so it doesn’t matter that is enabled. And no, the forest trust capability is not affected by the forest functional level in this case as all you need there is to be at a minimum level of Windows 2003 to be able to do a forest trust. Forest Trust is enabled from and above Windows Server 2003 Forest functional Level. In a Windows Server 2000 Forest functional Level, Forest Trust is disabled. That means you can do them between forests at different functional levels a long as non of them is lower than Windows 2003. In this case it’s Windows 2008 R2 that’s the lowest, so again, not an issue.
How? Very simple:
Set-ADDomain Mode mydomain.com -DomainMode Windows2008R2Domain
Set-ADForestMode mydomain.com -ForestMode Windows2008R2Forest
Take a look at these TechNet Resources Understanding Active Directory Domain Services (AD DS) Functional Levels and Set-ADDomainMode for more information.
Why should you go back in forest/domain FLs?
If an unexpected compatibility issue occurs. One example is that ADMT in it’s current versions does not support anything DFL or FFL > W2K8R2. It gives people an exit plan if one is needed. Once they are sure all is OK they can start using the new features & commit to the DFL/FFL. It’s not something you’d do regularly or that you’ll see often, but is has a purpose, hence it’s existence.
Pingback: Microsoft Most Valuable Professional (MVP) – Best Posts of the Week around Windows Server, Exchange, SystemCenter and more – #65 - Flo's Datacenter Report
Pingback: Microsoft Most Valuable Professional (MVP) – Best Posts of the Week around Windows Server, Exchange, SystemCenter and more – #66 - Windows Management - TechCenter - Dell Community
Pingback: Microsoft Most Valuable Professional (MVP) – Best Posts of the Week around Windows Server, Exchange, SystemCenter and more – #66 - Dell TechCenter - TechCenter - Dell Community
Nice Article, but i misunderstood this :
“Enabling this is irreversible, so you cannot revert the Forest Functional Level of your environment to a level that supports the AD recycle bin when it has been enabled. Today that means from Windows Server 2012(R2) to Windows Server 2008 R2.”
Do you mean :
“Enabling this is irreversible, so you cannot revert the Forest Functional Level of your environment to a level that does not support the AD recycle bin when it has been enabled. Today that means from Windows Server 2012(R2) to Windows Server 2008.
Recycle bin is enabled in this example so it’s W2K8R2, not W2K8.