4.8 Upgrading Domain and Forest Functional Levels
Windows Server 2003 does not immediately begin functioning at a native level,
even when all domain controllers have been migrated. In fact, a fresh
installation of Windows Server 2003 supports domain controllers from
Windows NT 4.0, Windows 2000, and Windows Server 2003. You first need
to upgrade the functional level of the forest and the domain to Windows
Server 2003 before you can realize the advantages of the upgrade.
Windows Server 2003 supports four domain functional levels. The following
levels allow Active Directory to include down-level domain controllers
during an upgrade process:
Windows 2000 Mixed—
When Windows Server 2003 is installed into a Windows 2000 Active
Directory forest that is running in Mixed mode, it essentially means
that Windows Server 2003 domain controllers can communicate with
Windows NT and Windows 2000 domain controllers throughout the forest.
This is the most limiting of the functional levels, however, because
functionality such as universal groups, group nesting, and enhanced
security is absent from the domain. This is typically a temporary level
to run in because it is seen more as a path toward eventual upgrade.
Windows 2000 Native—
Installed into a Windows 2000 Active Directory that is running in
Windows 2000 Native mode, Windows Server 2003 runs itself at a Windows
2000 functional level. Only Windows 2000 and Windows Server 2003 domain
controllers can exist in this environment.
Windows Server 2003 Interim—
Windows Server 2003 Interim mode enables the Windows Server 2003 Active
Directory to interoperate with a domain composed of Windows NT 4.0
domain controllers only. Although this is a confusing concept at first,
the Windows Server 2003 Interim functional level does serve a purpose.
In environments that seek to upgrade directly from NT 4.0 to Windows
Server 2003 Active Directory, Interim mode allows Windows Server 2003
to manage large groups more efficiently than if an existing Windows
2000 Active Directory exists. After all NT domain controllers are
removed or upgraded, the functional levels can be raised.
Windows Server 2003—
The most functional of all the various levels, Windows Server 2003
functionality is the eventual goal of all Windows Server 2003 Active
Directory implementations.
After all domain controllers are upgraded or replaced with Windows Server
2003, you can raise the domain and then the forest functional levels by
following these steps:
1. Ensure that all domain controllers in the forest are upgraded to Windows Server 2003.
2. Open Active Directory Domains and Trusts from the Administrative Tools.
3. In the left pane, right-click Active Directory Domains and Trusts, and then click Raise Domain Functional Level.
4. In the Select an Available Domain Functional Level box, click Windows Server 2003, and then select Raise, as shown in Figure 7.
5. Click OK and then click OK again to complete the task.
6. Repeat steps 1–5 for all domains in the forest.
7. Perform the same steps on the forest root, except this time click Raise Forest Functional Level in step 3 and follow the prompts, as indicated in Figure 8.
Note
The decision to raise the forest or domain functional levels is final. Be
sure that no Windows 2000 domain controllers need to be added
anywhere in the forest before performing this procedure. When the
forest is at the Windows Server 2003 functional level, you are also
unable to add any Windows 2000 Active Directory subdomains.
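Because raising a level cannot be undone, step 1 is worth checking mechanically before anyone clicks Raise. The following pre-flight check is an added example, not part of the original text: it reads a constructed inventory of domain controllers and reports, per domain, which functional levels match the DC mix described above and which DCs block the Windows Server 2003 level. The CSV layout, the operating system strings, and the names `LEVEL_ALLOWS`, `generation` and `preflight` are assumptions of this example.

```python
import csv
import io
from collections import defaultdict

# DC generations each domain functional level admits, following the level
# descriptions above ("nt4", "2000", "2003" are labels chosen for this example).
LEVEL_ALLOWS = {
    "Windows 2000 Mixed": {"nt4", "2000", "2003"},
    "Windows 2000 Native": {"2000", "2003"},
    "Windows Server 2003 Interim": {"nt4", "2003"},
    "Windows Server 2003": {"2003"},
}

# Constructed inventory: one row per domain controller (hypothetical names).
SAMPLE_INVENTORY = """domain,dc,operatingSystem
corp.example.com,DC01,Windows Server 2003
corp.example.com,DC02,Windows Server 2003
eu.corp.example.com,EUDC01,Windows Server 2003
eu.corp.example.com,EUDC02,Windows 2000 Server
lab.corp.example.com,LABPDC,Windows NT
lab.corp.example.com,LABDC01,Windows Server 2003
"""

def generation(os_name):
    """Map an operating system string to a DC generation label."""
    name = os_name.strip().lower()
    if "2003" in name:
        return "2003"
    if "2000" in name:
        return "2000"
    if name.startswith("windows nt"):
        return "nt4"
    # Fail closed: an unknown DC must be investigated, not assumed upgraded.
    raise ValueError(f"unrecognised operating system: {os_name!r}")

def preflight(inventory_csv):
    """Return ({domain: {levels, blockers}}, forest_ready)."""
    domains = defaultdict(list)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        gen = generation(row["operatingSystem"])
        domains[row["domain"]].append((row["dc"], gen))
    report = {}
    for domain, dcs in domains.items():
        present = {gen for _, gen in dcs}
        report[domain] = {
            "levels": [lvl for lvl, ok in LEVEL_ALLOWS.items() if present <= ok],
            "blockers": sorted(dc for dc, gen in dcs if gen != "2003"),
        }
    forest_ready = all(not r["blockers"] for r in report.values())
    return report, forest_ready
```

An empty `blockers` list for every domain is the condition for moving on to the forest-level step; any entry in it names a domain controller that must be upgraded or removed first.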
After each domain functional level is raised, as well as the forest
functional level, the Active Directory environment is completely
upgraded and all of the AD improvements introduced with Windows Server
2003 will be available. Functionality at this level opens the
environment to features such as schema deactivation, domain rename,
domain controller rename, and cross-forest trusts.
4.9 Moving AD-Integrated DNS Zones to Application Partitions
The final step in a Windows Server 2003 Active Directory upgrade is to move
any AD-integrated DNS zones into the newly created application
partitions that Windows Server 2003 uses to store DNS information. To
accomplish this, follow these steps:
1. Open the DNS Microsoft Management Console snap-in (Start, All Programs, Administrative Tools, DNS).
2. Navigate to DNS\<Servername>\Forward Lookup Zones.
3. Right-click the zone to be moved, and click Properties.
4. Click the Change button to the right of the Replication description.
5. Select either To All DNS Servers in the Active Directory Forest or To All DNS Servers in the Active Directory Domain, depending on the level of replication you want, as shown in Figure 9. Click OK when you are finished.
6. Repeat the process for any other AD-integrated zones.