Tag Archives: Forest Functional Level

Forest and domain functional level to Windows Server 2019

Posted on by
10

Introduction

My permanent & home lab run 100% on Windows Server 2019 when it comes to infrastructure. AD, DNS, DHCP, 3rd party infra management servers (WiFi controllers, SMS Gateways, net monitoring tools, …). Why, well when it comes to practicing staying current & avoiding tech debt I practice what is preach. And I don’t need to have 20 analysts & management meetings to do so. What is need to know if whether it is supported, whether it works and that I know and understand the implication and benefits. One of the thing to test: raise forest and domain functional level to Windows Server 2019

Running Windows Server 2019 Active Directory

As I’m running Windows Server 2019 Active Directory for 100 percent all is ready to go. It’s a lab remember. A lab with backup actually. Yes, even my lab. So I am ready to pull the trigger. When I went to raise the forest and domain functional level to Windows Server 2019 (Insider build at the time or writing) I got  a little surprise:

image

Well, that’s a first! Why can’t I opt to raise the forest and domain functional level to Windows Server 2019? As it turns out it’s is just not there. Not yet and maybe not ever. Well the changes to the Active Directory schema were not huge to put it mildly. I went from 87 to 88 to in the permanent lab forest. It was a modest change.

Conclusion

That some kind of “functional “level don’t get raised has happened before. Not in AD, but in DFS for example in Windows Server 2016 you still run at Windows 2008 mode for the name spaces and that was a jump from Windows Server 2000 mode! As Windows Server 2019 has not yet gone RTM there is no way of knowing if the forest & domain functional level Windows Server 2019 will be there at that time.

Some might like this as it means there won’t be much application compatibility to worry about. Exchange is one of the most “delaying” factors in moving whole sale to newer AD versions. Sometimes they even change their minds (E2K10SP3 with RU’s & Windows Server 2016 AD was supported for about 3 months before it changed in the compatibility matrix on line). Some other AD integrating 3rd party software might also cause considerable delays.

On the other hand, sometimes I want to block older domain controllers form being installed. In dedicated & specifically managed AD environments where you want to avoid any deviation form this it’s a handy way of enforcing this. Anyway we’ll see how this ends up at RTM. Meanwhile we’ll keep an eye on the previews as I have 17554 to look forward soon to play with at night.

Help! Active Directory cannot read forest and domain functional level anymore or much ado about nothing

Posted on by
2

The other day I got a very worried request for support. Apparently the Forest and domain functional level of a Active Directory deployment could no longer be read. Nothing else was wrong, everything was working just fine. If I could have a quick look? So they shared the screen with me and this is what I saw.

image

And this …

image

Well that didn’t surprise me, they are supposed to be already on domain and forest functional level 2012 R2 as all their domain controllers where already on Windows 202 R2 for over a year. That error message is not right!  After being puzzled for a moment when it hit me. This was a Windows 2008 R2 host without updated tools!

Once they used the correct version of RSAT or checking on a Windows 2012 R2 host all was show to be well and the scare was over.

image

Nothing so see here, move along.

Exchange 2010 SP3 Rollup 5 Added Support for Windows Server 2012 R2 Active Directory

Posted on by
3

6 weeks ago (February 25th 2014) Microsoft finally took away the last barrier to upgrading some of our Windows Server 2012 Active Directory Environments to R2.  Most of them are still running Exchange 2010 SP3 and not Exchange 2013. The reason is that Exchange 2013 was not deployed is whole other discussion Eye rolling smile.

However that dis mean that until the release of  Exchange Server 2010 SP3 Update Rollup 5 last month we could not upgrade Active Directory to Windows Server 2012 R2. Rollup 5 brought us support for exactly that. We can now:

  • Support Domain Controllers running Windows Server 2012 R2
  • Raise the Active Directory Forest Function Level and Domain Functional Level to Windows Server 2012 R2

Please note that you cannot deploy Exchange Server 2010 (SP3 RU5) on Windows Server 2012 R2 and you’ll probably never will be able to do that. I’m not sure Microsoft has any plans for this.

Now our office moves have been concluded, meaning I can get back to IT Infrastructure instead of being an glorified logistics & facility peon, we’re doing the upgrade.

This also means we can move the Active Directory environments to the latest version so we have the best possible position for any future IT projects at very low risk. The environments are already at W2K12 functional level. If the budgets get so tight they lose/scrap EA or volume licensing it also allows them to run at this level for many years to come without causing any blocking issues.