Comments on: Server 2008 R2: Active Directory Functional Levels

By: Pete

Pete — Tue, 02 Nov 2010 14:57:55 +0000

You might want to add that this command should be run on the Domain Naming Master. (Mine was also the Schema Master so try that if the DNM trick does not work.)

or else you may receive Enable-ADOptionalFeature : A referral was returned from the server At line:1 char:25

By: jack

jack — Mon, 09 Nov 2009 05:26:57 +0000

There is no more such BDC term used by Windows 2003 and above.

However, to increase functional leevl should not impact your current infrastructure, but to provide more features.

Refer to the following KB, http://technet.microsoft.com/en-us/library/cc771132(WS.10,printer).aspx

By: Jonathan Craig

Jonathan Craig — Wed, 28 Oct 2009 21:58:08 +0000

Hi Simon,

Thanks for sharing your insightful thoughts and suggestions - very helpful, and appreciated indeed.

On a related note, we needed a quick and efficient way to enumerate nested security groups for security audits in AD R2 (i.e. find out which groups were nested in other groups.) So we asked our on-site MS consultant and he recommended using the Gold Finger from Paramount Defenses Inc.

Gold Finger pleasantly surprised us because not only was it endorsed by Microsoft but also 100% FREE and loaded with almost 250 useful Active Directory security, Exchange and ACL management reports. BTW, you can download it for free from http://goldfinger.paramountdefenses.com

Thought I'd share this with you incase it could help you too, especially if you're into AD security reporting.

Thanks again, and looking forward to your next post.

Best wishes, Jonathan

By: End of the World

End of the World — Wed, 28 Oct 2009 10:11:08 +0000

Thank’s for sharing this This is really interesting

By: Simon Price

Simon Price — Mon, 26 Oct 2009 17:56:02 +0000

Going to R2 2008 functional level will maintain all features of a 2003 level domain/forest and add the new 2008 R2 features. This said, your existing environment (Exchange 2003) should not be affected. Keep in mind this change is not reversible. So if you have a test environment, use it prior to making production changes, and in production make a backup on a DC before executing the change.

By: al all

al all — Sun, 25 Oct 2009 16:18:39 +0000

Question: in our environment we have PDC 2088 R2 & BDC 2008 R2, both are operating on default level (Server 2003), and two Exchange 2003 Servers. Can I raise the PDC & BDC to Server 2008 R2 Domain and Forest Functional Levels, without losing connection or effecting the regular functionality of the tow Exchange 2003 Servers? any extra info or precaution should I put in mind.

By: Prefect

Prefect — Tue, 20 Oct 2009 02:53:30 +0000

Sure, that’s fine.

By: Polprav

Polprav — Fri, 16 Oct 2009 13:29:48 +0000

Hello from Russia! Can I quote a post in your blog with the link to you?