Raise Forest and Domain Functional Levels

Sometimes you’ll get stopped from promoting a server to a domain controller because it says that the current domain or forest functional level does not meet or exceeded the required level.

This link details the functionality of each domain and forest functional level and their requirements: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels

Raising the levels gives the domain/forest more functionality. There is no down time to raise the levels but keep in mind, there is no going back once they are raised (outside of restoring AD from backup).

This article shows you how to raise them via the GUI. See this article if you’d like to raise them via PowerShell instead.

Raise the Forest Functional Level

  1. Open Active Directory Domains and Trusts
  2. Right-click on “Active Directory Domains and Trusts [dc name]
  3. Click “Raise Forest Functional Level…”
  4. Raise it as as far as it let’s you and then click Raise. It only takes a a couple seconds and then it should report back success. I like to double-check the event logs to confirm.
  5. You may get a message instead of the option to raise the level if the domain controllers aren’t running a new enough version of Windows. The message will detail the issue. You’ll need to upgrade or retire those older domain controllers before being able to raise successfully.

Raise the Domain Functional Level

Raising the domain functional level is a similar process:

  1. Open Active Directory Domains and Trusts
  2. Right-click the name of the domain itself this time
  3. Click “Raise Domain Functional Level…”
  4. Raise it as far as it can go.
  5. You may again get message instead of the option to raise, saying that the domain controller OSes do not meet requirements.

Conclusion

Both domain and forest levels have been raised.

Leave a Reply

Your email address will not be published. Required fields are marked *