Students. Raise the Forest Functional Level. Published: August 19, 2010 Updated: December 21, 2012 Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 When you install Active Directory Domain Services (AD DS), a set of basic Active Directory features is enabled by default. In addition to the basic Active Directory features on individual domain controllers, there are new domain-wide and forest-wide Active Directory features available when all domain controllers in a domain or forest are running a later version of Windows Server. To enable new forest-wide features, all domain controllers in the forest must run the version of Windows Server that corresponds to the forest functional level value or a later version, and the forest functional level must be raised to that value.
For example, to enable Active Directory Recycle Bin, all domain controllers must run Windows Server 2008 R2 or Windows Server 2012 and the forest functional level must be raised to at least Windows Server 2008 R2. Additional considerations. How to raise Active Directory domain and forest functional levels. This article discusses raising the domain and forest functional levels that are supported by Microsoft Windows Server 2003-based or newer domain controllers. There are four releases of Active Directory, and only the levels that have changed from Windows NT Server 4.0 require special consideration. Therefore, the other level changes are mentioned by using the newer, current, or older versions of the domain controller operating system, of the domain, or of the forest functional level. Functional levels are an extension of the mixed mode and the native mode concepts that were introduced in Microsoft Windows 2000 Server to activate new Active Directory features.
Some additional Active Directory features are available when all the domain controllers are running the newest Windows Server version in a domain or in a forest, and when the administrator activates the corresponding functional level in the domain or in the forest. ( . Understanding Active Directory Functional Levels. Functional levels determine the available Active Directory Domain Services (AD DS) domain or forest capabilities. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. However, functional levels do not affect which operating systems you can run on workstations and member servers that are joined to the domain or forest.
When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many AD DS features as possible. For example, if you are sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, select the Windows Server 2008 functional level during the deployment process. However, if you might retain or add domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level. The following table shows the features that are available at each domain functional level. ADMT Guide: Migrating and Restructuring Active Directory Domains. Applies to: Active Directory Migration Tool 3.1 (ADMT 3.1) and ADMT 3.2 To obtain a downloadable version of this guide in .doc format, see ADMT Guide: Migrating and Restructuring Active Directory Domains ( As part of deploying the Active Directory® directory service or Active Directory Domain Services (AD DS), you might choose to restructure your environment for the following reasons: To optimize the arrangement of elements within the logical Active Directory structure To assist in completing a business merger, acquisition, or divestiture Restructuring involves the migration of resources between Active Directory domains in either the same forest or in different forests.
After you deploy Active Directory or AD DS, you might decide to further reduce the complexity of your environment by either restructuring domains between forests or restructuring domains within a single forest. In this guide The Security Accounts Manager (SAM) account name. Name. Adprep. Extends the Active Directory® schema and updates permissions as necessary to prepare a forest and domain for a domain controller that runs the Windows Server® 2008 operating system. Adprep.exe is a command-line tool that is available on the Windows Server 2008 installation disc in the \sources\adprep folder, and it is available on the Windows Server 2008 R2 installation disk in the \support\adprep folder.
You must run adprep from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator. In Windows Server 2008 R2, Adprep is available in a 32-bit version and a 64-bit version. The 64-bit version runs by default. If you need to run Adprep on a 32-bit computer, run the 32-bit version (Adprep32.exe). For more information about running Adprep.exe and how to resolve errors that can occur when you run it, see Running Adprep.exe ( The following example prepares a domain for an RODC: LDAP / Active Directory.