NFS: The domain functional level should be Windows Server 2003 R2 or higher when using an identity mapping solution

  • Article

Applies To: Windows Server 2008 R2

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the File Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System

Windows Server 2008 R2

Product/Feature

File Services

Severity

Error

Category

Configuration

Issue

The domain functional level is lower than Windows Server 2003 R2.

Impact

Users will not be properly authenticated.

Resolution

Use Active Directory Domains and Trusts to increase the domain functional level to Windows Server 2003 R2 or higher.

Domain functionality enables features that affect the entire domain (and that domain only). In Windows Server 2008 R2, there are four domain functional levels available in Active Directory Domain Services: Windows 2000 native, Windows Server 2003 (the default), Windows Server 2008, and Windows Server 2008 R2. When you raise the domain functional level, domain controllers that are running earlier operating systems cannot be introduced into the domain. For example, if you raise the domain functional level to Windows Serve 2008, you cannot add domain controllers that are running Windows Server 2003 to the domain. However, you could add domain controllers that are running Windows Server 2008 R2.

Membership in the Domain Admins group or the Enterprise Admins group, or equivalent, is the minimum required to complete this procedure.

To raise the domain functional level

  1. Open Active Directory Domains and Trusts. To open Active Directory Domains and Trusts, click Start, click Administrative Tools, and then click Active Directory Domains and Trusts.

  2. In the console tree, right-click the domain for which you want to raise the functional level, and then click Raise Domain Functional Level.

  3. In Select an available domain functional level, click Windows Server 2003 (for example), and then click Raise.

Additional references

Raise the Domain Functional Level(https://technet.microsoft.com/en-us/library/cc753104.aspx)

Understanding Domain and Forest Functionality(https://technet.microsoft.com/en-us/library/cc771294.aspx)