Domain Functional Level Upgrade Issues
When the domain functional level is raised it not possible to promote operating systems that are running earlier versions of the os.
Domain functional level upgrade issues. For example if you raise the domain functional level to windows server 2012 you will not be able to promote a server that is running windows server 2008 to domain controller. My question is. The changes only add the aes hashes during the one dfl change from 2003 to any higher level 08 08r2 12 12r2 domain functional level. The second restriction for which there is a limited exception on windows server 2008 r2 is that once upgraded the domain or forest functional level cannot later be downgraded.
We recently upgraded our domain and forest functional level from 2003 to 2008 r2 after a day or so i started having problems connecting to a number of 2008 r2 hyper v virtual machines. We have many member servers running windows 2003 and also have exchange 2003 for mail. In this scenario you can change the domain mode to native mode by using the active directory users computers snap in by using the active directory domains trusts ui mmc snap in or by programmatically changing the value of the ntmixeddomain attribute to 0 on the domaindns. All of our dc s are now running windows 2008 r2.
Welche domain controller bei welchem domain functional level unterstützt werden geht ebenfalls auf der liste hervor. Die folgenden tabelle stellt dar wie sich die windows server versionen bezüglich domain functional levels geändert haben. The underlying issue is due to the addition of the aes hashes 128 and 256 introduced. Hi i m seeking to understand whether the following scenario is a supported recommended possible upgrade path for ad ds.
Active directory could not update the functional level of the following domain because the domain is in mixed mode. In 2003 functional level the kerberos key distribution centre kdc used either rc4 hmac 128 bit or des cbc md5 56 bit for kerberos encryption however when moving to 2008 domain functional level or higher you upgrade the key distribution centre kdc to use advanced kerberos encryption which uses aes 128 and aes 256 encryption. Due to potential issues with third party application. To prevent these issues from arising a new dc must be at the same level or greater than the functional level of the domain or forest.
We have recently upgraded our forest and domain to windows 2008 r2 and want to take advantage of some features that were not available in windows 2003.