Lower Domain Functional Level

This was fine until a few days later when i needed to test an application that was not supported for functional domains and forest levels greater than server 2012r2.

Lower domain functional level. While a domain admin account can successfully raise the domain functional level you must have at least enterprise administrator or equivalent permissions to lower it. You cannot set the domain functional level to a value that is lower than the forest functional level. The domain functional level is raised to the second functional level by using the ldp exe utility or the adsiedit msc utility. Domain admin rights should be enough to change the functional level of a single domain but it looks like this is not the case when lowering it although i wasn t able to find any documentation for this.

Domain functional level dfl determines the features of a domain controller dc based on the windows server operating system os it runs on. The goal for this section is to successfully lower the domain functional level back to windows server 2008. We will use set adforestmode to lower the forest functional level ffl and set addomainmode to lower the domain functional level. Forest takes precedence as the minimum functional level of each domain in the forest.

I was able to. Feature set of a particular dfl will be available for a dc if it runs on the operating system version that is compatible with the functional level. When you deploy a new forest you are prompted to set the forest functional level and then set the domain functional level. You can also use these commands to raise the functional level instead of using the active directory users and computers or active directory domains and trusts management consoles.

Anyway since you need to change both the forest and the domain level just perform these operations using an. Rather than starting from scratch with this lab i decided to test lowering the functional levels from server 2016 to server 2012r2. Domain functional levels and forest functional levels. The domain functional level dfl for all the domains in a forest has to be raised first before you can raise the forest functional level ffl.

You need enterprise admin rights in order to change the forest functional level. To begin you must be logged in with an account with enterprise administrator or equivalent privileges. The domain functional level is programmatically raised to the second functional level by directly modifying the value of the msdsbehaviorversion attribute on the domaindns object. Welche domain controller bei welchem domain functional level unterstützt werden geht ebenfalls auf der liste hervor.

Die folgenden tabelle stellt dar wie sich die windows server versionen bezüglich domain functional levels geändert haben.