Enabling Windows Server 2003 Functional Levels in a Windows NT 4.0 Environment
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
If all of the domain controllers in your environment are running Windows NT 4.0, and you plan to upgrade them to Windows Server 2003 without ever upgrading to Windows 2000 or installing a new Windows 2000–based domain controller, maintain the Windows Server 2003 interim functional level in your domains and forest until you upgrade all Windows NT 4.0 domain controllers to Windows Server 2003.
Important
- If you choose to raise the forest and domain functional level to Windows Server 2003 interim, you cannot return to the Windows 2000 mixed domain functional level or the Windows 2000 forest functional level, and therefore you cannot add Windows 2000–based domain controllers to the forest.
For more information about deploying Windows Server 2003 in a Windows NT 4.0 environment, see "Upgrading Windows NT 4.0 Domains to Windows Server 2003 Active Directory" in this book.
If you intend to add one or more Windows 2000–based domain controllers instead of having only domain controllers running Windows Server 2003 in your environment, see "Enabling Windows Server 2003 Functional Levels in a Mixed Windows 2000 Environment" later in this chapter.
Important
- If you are running Windows NT 4.0 or Windows 2000 domain controllers in your environment, do not raise the functional level of your domain or forest to Windows Server 2003. You cannot operate at the Windows Server 2003 functional level until all of your domain controllers are running Windows Server 2003.
Windows 2000 Active Directory group replication limits the size of groups in a Windows 2000 forest. You must divide groups that include more than 5,000 members into smaller groups when you upgrade to Windows 2000. The Windows Server 2003 interim forest functional level is ideal if the groups in any domains in your existing Windows NT 4.0 environment include more than 5,000 members. When you are operating at the Windows Server 2003 interim functional level, you can take advantage of group membership replication improvements, which support large groups of more than 5,000 members.
When upgrading your Windows NT 4.0 environment to Windows Server 2003, you can choose to do one of the following:
Upgrade to a regional domain in an existing Windows Server 2003 forest.
Upgrade to a single domain forest.
Whether you decide to upgrade to a regional domain in an existing Windows Server 2003 forest or upgrade to a single domain forest, if you choose to raise the forest functional level to Windows Server 2003 interim, you must remain at the Windows Server 2003 interim functional level until you upgrade all other Windows NT 4.0–based domain controllers to Windows Server 2003 or retire them from service. The Windows Server 2003 interim functional level supports both Windows NT 4.0–based domain controllers and Windows Server 2003–based domain controllers.
Upgrading to a Regional Domain in an Existing Windows Server 2003 Forest
When you upgrade a Windows NT 4.0 domain to a regional domain in an existing Windows Server 2003 forest, it is recommended that you raise the forest functional level of the existing forest to Windows Server 2003 interim before upgrading the Windows NT 4.0 PDC to take advantage of the added features of the Windows Server 2003 interim functional level. After you raise the forest functional level of the existing forest to Windows Server 2003 interim, the domain functional level of the forest root domain and all subsequent regional domains is set by default to Windows Server 2003 interim.
When you upgrade a Windows NT 4.0 domain to a regional domain in an existing Windows Server 2003 forest, where the forest functional level is set to Windows 2000, functional levels are set in the new regional domain to the following by default, and they remain in effect until you raise them manually:
Windows 2000 mixed domain functional level
Windows 2000 forest functional level
You cannot use Active Directory administrative consoles to raise the forest functional level of the existing Windows Server 2003 forest root domain to Windows Server 2003 interim. Instead, use a Lightweight Directory Access Protocol (LDAP) application such as ADSI Edit or LDP in Windows Support Tools to edit the value of the msDS-Behavior-Version attribute.
To raise the forest functional level of the existing forest to Windows Server 2003 interim by using ADSI Edit
In ADSI Edit, expand the Configuration partition, and expand CN=Configuration,DC=forestname,DC=domainname,DC=com.
Right-click CN=Partitions, and then click Properties.
Select the msDS-Behavior-Version attribute.
Click Edit.
In the Value field, type 1 to raise the forest functional level to Windows Server 2003 interim.
Click OK.
After you raise the forest functional level to Windows Server 2003 interim forest, you cannot add Windows 2000–based domain controllers to the forest.
If you are deploying a new Windows Server 2003 forest root domain and are planning to upgrade a Windows NT 4.0 domain to a regional domain in this new environment, after you raise the forest functional level to Windows Server 2003 interim, upgrade the Windows NT 4.0 domain to Windows Server 2003. Select Child domain in an existing domain tree when prompted by the Active Directory Installation Wizard.
For more information about deploying a Windows Server 2003 forest root domain, see "Deploying the Windows Server 2003 Forest Root Domain" in this book.
Upgrading to a Single Domain Forest
When upgrading to a new Windows Server 2003 single domain forest by upgrading an existing Windows NT 4.0 PDC to Windows Server 2003, you are prompted to use the Active Directory Installation Wizard to install Active Directory. The wizard gives you the option of setting the forest functional level to Windows Server 2003 interim during the Active Directory installation process.
If you set the functional level during the Active Directory installation, both the domain and forest will be set at Windows Server 2003 interim after the installation process is complete and the computer is restarted.
Important
If you do not set the functional level to Windows Server 2003 interim during the Active Directory installation process, functional levels are set by default to the following:
Windows 2000 forest functional level
Windows 2000 mixed domain functional level
Use the preceding procedure to use ADSI Edit to manually raise the forest functional level to Windows Server 2003 interim after the Active Directory installation process is complete and the computer is restarted.