Windows Server interim provides two important enhancements while still permitting replication to Windows NT 4. Because of the efficiencies in group replication that is activated in the interim level, the interim level is the recommended level for all Windows NT 4. See the "Best Practices" section of this article for more details. Windows Server interim can be activated in three different ways.
The first two methods are highly recommended. The third option is less highly recommended because membership in security groups uses a single multi-valued attribute, which may result in replication issues. The ways in which Windows Server interim can be activated are:. Before you upgrade the Windows NT 4.
Child domains inherit the forest-wide functionality settings from the forest they are promoted into. Use the last two options when you join an existing Windows Server forest during an upgrade.
This is a common scenario when an "empty root" domain is in position. The upgraded domain is joined as a child of the empty root and inherits the domain setting from the forest. The following section discusses the best practices for increasing functional levels. The section is broken into two parts. If the domain controller is not already connected to the appropriate domain, follow these steps to connect to the appropriate domain:.
A list of the computers in the domain that are running Windows NT 4. Before you can change the domain functional level to Windows Server , you must physically locate any domain controller in the list, determine the current status of the domain controller, and then either upgrade or remove the domain controller as appropriate.
When you change the domain functional level, replication to the Windows NT 4. However, when you try to increase to Windows Server forest level with domains in Windows Server , the mixed level is blocked.
The lack of Windows NT 4. In this example, the environment is raised from Windows Server mixed mode to Windows Server forest mode. For more information, click the following article number to view the article in the Microsoft Knowledge Base: How to remove data in active directory after an unsuccessful domain controller demotion. To verify that End to End replication is working in the forest, use the Windows Server or newer version of Repadmin against the Windows Server or the Windows Server domain controllers:.
Use replication tools such as Repadmin to verify that forest-wide replication is working correctly. Verify the compatibility of all programs or services with the newer Windows Server domain controllers and with the higher Windows Server domain and forest mode. Use a lab environment to thoroughly test production programs and services for compatibility issues. Contact vendors for confirmation of capability. Before the back-out plan can be used, all domain controllers in the forest must be decommissioned before the recovery process.
Level increases cannot be authoritatively restored. This means that all domain controllers that have replicated the level increase must be decommissioned. After all the previous domain controllers are decommissioned, bring up the disconnected domain controllers or restore the domain controllers from the backup.
Remove the metadata from all the other domain controllers, and then repromote them. This is a difficult process and must be avoided. Increase all domains to Windows Server native level. After this is completed, increase the functional level for the forest root domain to Windows Server forest level. When the forest level replicates to the PDCs for each domain in the forest, the domain level is automatically increased to Windows Server domain level.
This method has the following advantages:. Windows NT 4. When interim mode is used during the upgrade of the PDC, the existing large groups use LVR replication immediately, avoiding the potential replication issues that are discussed earlier in this article. Use one of the following methods to get to interim level during the upgrade:. A reason to avoid using interim mode is if there are plans to implement Windows Server domain controllers after the upgrade, or at any time in the future.
In mature Windows NT 4. In Windows NT 4. In Windows Server , group memberships are linked attributes stored in a single multi-valued attribute of the group object. When a single change is made to the membership of a group, the whole group is replicated as a single unit.
Because the group membership is replicated as a single unit, there is a potential for updates to group membership to be "lost" when different members are added or removed at the same time at different domain controllers. Open Active Directory Domains and Trusts. What ever you do though, don't raise the forest functional level higher if you have or will have any domain controllers running an earlier version of Windows Server. To continue this discussion, please ask a new question.
Get answers from your peers along with millions of IT pros who visit Spiceworks. Best Answer. Big Green Man This person is a verified professional. Verify your account to enable IT peers to see that you are a professional. It should be pretty seamless. Regards, Dave Patrick Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff microsoft. You have first migrate all domain controller in your forest to Windows server to be able to raise the forest functional level to Windows Please don't forget to mark the correct answer, to help others who have the same issue. Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance. Office Office Exchange Server.
Not an IT pro? Resources for IT Professionals. Sign in. United States English.
0コメント