Impact Raise Domain And Forest Functional Level

Arief Hardiansyah 46 Reputation points
2022-08-25T10:15:55.467+00:00

Hi All,

I have some questions. Currently we use OS version 2008R2 and DFL (Domain Functional Level) 2003 in my domain controller environment.
We have to plan to migrate and upgrade the OS version to 2019 and the DFL to 2012R2. But we still have a server app running on Windows Server 2003 that is joined to the domain and uses LDAP to the DC.
Is there any impact on the server app running on Windows Server 2003 and the clients on Windows XP?

I would really appreciate your answer!


3 answers

  1. JimmySalian-2011 41,916 Reputation points
    2022-08-25T10:46:44.147+00:00

    Hi,

    As per MS you should be good to continue using the app server on Windows 2003 OS. FFL and DFL impact only domain controllers, by enabling additional features and defining the lowest version of operating system supported by the domain and the forest.

    So the member machines (Windows 2003/2008/7) should still be able to authenticate and access all services provided by a domain controller in a domain with FFL and DFL Windows 2016/Windows 2012R.

    active-directory-functional-levels

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

  2. SChalakov 10,261 Reputation points MVP
    2022-08-25T11:09:45.987+00:00

    Hi @Arief Hardiansyah ,

    The answer to this particular question is clearly formulated by Ned Pyle (one of Microsoft's greatest AD experts) here:

    What is the Impact of Upgrading the Domain or Forest Functional Level?
    https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/what-is-the-impact-of-upgrading-the-domain-or-forest-functional/ba-p/399348

    The summary is what gives a clear answer to your question. From the article:

    To summarize, the Domain or Forest Functional Levels are flags that tell Active Directory and other Windows components that all DCs in the domain or forest are at a certain minimal level. When that occurs, new features that require a minimum OS on all DCs are enabled and can be leveraged by the Administrator. Older functionality is still supported so any applications or services that used those functions will continue to work as before -- queries will be answered, domain or forest trusts will still be valid, and all should remain right with the world.

    Still, please consider this part also, as changes in AD can sometimes be hard to revert:

    Even after all this, however, there is a great concern about the change being irreversible, so that you must have a rollback plan just in case something unforeseen and catastrophic occurs to Active Directory. This is another common question, and there is a supported mechanism to restore the Domain or Forest Functional Level. You take a System State back up of one DC in each domain in the forest. To recover, flatten all the DCs in the forest, restore one for each domain from the backup, and then DCPROMO the rest back into their respective domains. This is a Forest Restore, and the steps are outlined in detail in the following guide:

    Planning for Active Directory Forest Recovery
    http://technet.microsoft.com/en-us/library/planning-active-directory-forest-recovery(WS.10).aspx...

    Hope I could help you out!


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
    Regards
    Stoyan Chalakov

    1 person found this answer helpful.

  3. Limitless Technology 39,356 Reputation points
    2022-08-26T08:54:09.53+00:00

    Hello AriefHardiansyah,

    Initially I want to confirm that it will be mandatory to raise the DFL, as the minimum DFL for 2022 is the 2008R2 version.

    On the other hand, it is highly possible that it would not have any effect on the application, since the new LDAP should contain the same information with some more added, but the only way to know would be to consult with the company that manufactures that software.

    Another option would be to create a virtual environment in Hyper-V and create a test deployment with your current configuration (a minimum of a 2003 DC, a Windows XP client and the server app installed and configured) and then install a Windows 2022 and raise the DFL on the virtual test environment.

    ----------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.
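
A read-only pre-flight check for the change discussed in this thread, as an added example that is not from any of the posters or from the linked article. It assumes the ActiveDirectory PowerShell module (RSAT) is available, that the target DFL is 2012R2 as in the question, and that `E:` is a placeholder backup volume.

```powershell
# Added example: read-only inventory to run before raising the DFL/FFL.
# Nothing here changes the directory.
Import-Module ActiveDirectory

# Current functional levels (the "flags" described in the quoted summary).
$domain = Get-ADDomain
$forest = Get-ADForest
"Domain mode : $($domain.DomainMode)"
"Forest mode : $($forest.ForestMode)"

# 1. Every DC must run an OS at or above the target level.
#    Assumption: target is 2012R2, i.e. OS version 6.3.
$minVersion = [version]'6.3'
$dcs = Get-ADDomainController -Filter * |
    Select-Object HostName, OperatingSystem, OperatingSystemVersion

$blockers = $dcs | Where-Object {
    # OperatingSystemVersion looks like "6.1 (7601)"; compare only the "6.1" part.
    [version](($_.OperatingSystemVersion -split ' ')[0]) -lt $minVersion
}

if ($blockers) {
    "DCs that must be upgraded or demoted before the level can be raised:"
    $blockers | Format-Table -AutoSize
} else {
    "All DCs meet the minimum OS version for the target level."
}

# 2. Legacy member machines (Server 2003 / XP). Per the answers above these do
#    not block the raise, but they are the systems to re-test afterwards.
$legacy = Get-ADComputer `
    -Filter 'OperatingSystem -like "*2003*" -or OperatingSystem -like "*XP*"' `
    -Properties OperatingSystem, LastLogonDate |
    Select-Object Name, OperatingSystem, LastLogonDate |
    Sort-Object LastLogonDate -Descending

"Legacy members to re-test after the change: $(@($legacy).Count)"
$legacy | Format-Table -AutoSize

# 3. Rollback preparation, following the quoted article: take a System State
#    backup of one DC in each domain of the forest BEFORE raising the level.
#    Run on the chosen DC (E: is a placeholder target volume):
#      wbadmin start systemstatebackup -backupTarget:E:
"Domains needing a System State backup of one DC each:"
$forest.Domains
```

The `LastLogonDate` column helps separate legacy machines that still authenticate from stale computer accounts that can be cleaned up instead of tested.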