Domain Functional Level Rollback
Get the current domain and forest functional levels. Using the Get-ADForest PowerShell command, we can determine our current forest functional level.
This was fine until a few days later, when I needed to test an application that was not supported for functional domains and forest levels greater than Server 2012 R2. When attempting to lower the DFL of a domain, you first need to downgrade the FFL to the same level as the required DFL to be configured. You take a system state backup of one DC in each domain in the. In the above example I have downgraded the domain functional level to Windows Server 2008.
To confirm, execute the following commands. How to downgrade forest and domain functional levels. In our example we have a single.
Downgrading the domain functional level. In this lab I had the domain and forest functional level set to Server 2016. Functional levels determine the available Active Directory Domain Services (AD DS) domain or forest capabilities. The example is with 2016 to 2012 R2 but you can go back to 2008 if.
The domain functional level is programmatically raised to the second functional level by directly modifying the value of the msDS-Behavior-Version attribute on the domainDNS object. Also right-click on Active Directory Domains and Trusts and select. The FFL was successfully lowered to Windows Server 2008 while the DFL for all domains is still on Windows Server 2016. The domain functional level is raised to the second functional level by using the Ldp.exe utility or the Adsiedit.msc utility.
The lowest domain functional level you can roll back to is Windows Server 2008. Even after all this, however, there is great concern about the change being irreversible, so you must have a rollback plan in case something unforeseen and catastrophic occurs to Active Directory. (Karim Buzdar; PowerShell, Windows, Windows Server 2012 R2, Windows Server 2016.) However, functional levels do not affect which operating systems you can run on workstations and member servers that are joined to the domain or forest.
Enter and execute the following command in Windows PowerShell to lower the DFL of the root. The domain functional level (DFL) for all the domains in a forest has to be raised first before you can raise the forest functional level (FFL). You must be using an account with Enterprise Administrator or equivalent privileges to perform these actions. Lowering the domain functional level: once you've verified that you have met the conditions described above, you can begin the process to lower the domain functional level. Rather than starting from scratch with this lab, I decided to test lowering the functional levels from Server 2016 to Server 2012 R2.
They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. Active Directory Recycle Bin disabled. I will now lower the DFL of the root domain.
This is another common question, and there is a supported mechanism to restore the domain or forest functional level. I am still logged on with an Enterprise Admin account.