Raise the Domain Functional Level to Windows Server 2003

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

After you upgrade all Windows NT 4.0–based domain controllers in a domain to Windows Server 2003, you can raise the functional level of each domain in the forest to Windows Server 2003. Before you raise the domain functional level, however, you must ensure that no Windows NT 4.0–based domain controllers remain in the domain.

Warning

  • If Windows NT 4.0–based domain controllers are running in a domain when you raise the domain functional level to Windows Server 2003, they will no longer be able to communicate with the new Windows Server 2003 domain controllers and will not receive necessary updates.

Use the following LDAP query to identify any Windows NT 4.0 domain controllers remaining in the domain. Run the LDAP query against the Domain container in Active Directory Users and Computers. If you have not manually changed the value of the operatingSystemVersion attribute of the computer object, this query is conclusive for domain controllers running Windows NT 4.0. You must be a member of the Domain Admins group to run the following query.

To identify Windows NT 4.0–based domain controllers in a domain

  1. From any Windows Server 2003–based domain controller, open Active Directory Users and Computers.

  2. If the domain controller is not already connected to the appropriate domain, connect it to the domain as follows:

    1. Right-click the current domain object, and then click Connect to domain.

    2. In the Domain dialog box, type the DNS name of the domain that you want to connect to, or click Browse to select the domain from the domain tree, and then click OK.

  3. Right-click the domain object, and then click Find.

  4. In the Find dialog box, click Custom Search.

  5. Click the domain for which you want to change the functional level.

  6. Click the Advanced tab.

  7. In the Enter LDAP query box, type the following, leaving no spaces between any characters (the query is not case-sensitive):

    (&(objectCategory=computer)(operatingSystemVersion=4*)(userAccountControl:1.2.840.113556.1.4.803:=8192))
    
  8. Click Find Now. This produces a list of the computers in the domain that are running Windows NT 4.0 and functioning as domain controllers.

    A domain controller might appear in the list for any of the following reasons:

    • The domain controller is running Windows NT 4.0 and must be upgraded.

    • The domain controller has been upgraded to Windows Server 2003, but the change has not replicated to the target domain controller.

    • The domain controller is no longer in service, but its computer object has not been removed from the domain.

Before you can change the domain functional level to Windows Server 2003, you must physically locate any domain controller in the list, determine its current status, and either upgrade or remove the domain controller as appropriate.
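The following Python sketch is an added example, not part of the original procedure or any Microsoft tool. It parses the filter from step 7 and evaluates it against constructed computer objects to show what each clause contributes, in particular that the 1.2.840.113556.1.4.803 rule is a bitwise AND test, so an object carrying flag 8192 (the domain controller account flag) still matches when other flags, such as the disabled flag, are also set. The function names, the sample objects and the simplified objectCategory value are assumptions made for illustration.

```python
import re

# Filter exactly as given in step 7 of the procedure.
NT4_DC_FILTER = ("(&(objectCategory=computer)(operatingSystemVersion=4*)"
                 "(userAccountControl:1.2.840.113556.1.4.803:=8192))")
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # matches when every bit of the value is set
CLAUSE = re.compile(r"\((\w+)(?::([\d.]+):)?=([^()]*)\)")

def parse_and_filter(text):
    """Split a flat (&(a=b)(c=d)...) filter into (attribute, rule, value) tuples."""
    body = text[2:-1] if text.startswith("(&") and text.endswith(")") else ""
    if not body or CLAUSE.sub("", body):
        raise ValueError("expected a flat AND filter")
    return CLAUSE.findall(body)

def clause_matches(entry, attr, rule, value):
    """Evaluate one clause; attribute names and values compare case-insensitively."""
    actual = {k.lower(): v for k, v in entry.items()}.get(attr.lower())
    if actual is None:
        return False
    if rule == BIT_AND_RULE:                      # bitwise test, not equality
        return int(actual) & int(value) == int(value)
    if rule:
        raise ValueError("unsupported matching rule: " + rule)
    text, want = str(actual).lower(), value.lower()
    return text.startswith(want[:-1]) if want.endswith("*") else text == want

def find_nt4_dcs(entries, ldap_filter=NT4_DC_FILTER):
    """Return the names of entries that satisfy every clause of the filter."""
    clauses = parse_and_filter(ldap_filter)
    return [e["name"] for e in entries
            if all(clause_matches(e, *c) for c in clauses)]

# Constructed sample objects. objectCategory is simplified to its short name;
# in a real directory the attribute holds a distinguished name.
SAMPLE = [
    {"name": "BDC01", "objectCategory": "computer",
     "operatingSystemVersion": "4.0", "userAccountControl": 8192},
    {"name": "OLDBDC", "objectCategory": "computer",      # disabled, never removed
     "operatingSystemVersion": "4.0", "userAccountControl": 8194},
    {"name": "DC2003", "objectCategory": "computer",      # already upgraded
     "operatingSystemVersion": "5.2 (3790)", "userAccountControl": 532480},
    {"name": "NT4WKS", "objectCategory": "computer",      # NT 4.0, not a DC
     "operatingSystemVersion": "4.0", "userAccountControl": 4096},
]

if __name__ == "__main__":
    print(find_nt4_dcs(SAMPLE))
```

Both BDC01 and OLDBDC are returned, which is why each listed object still has to be located and its status confirmed before the functional level is raised.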

For more information about LDAP queries, see the Active Directory Collection of the Windows Server 2003 Technical Reference (or see the Active Directory Collection on the Web at https://www.microsoft.com/reskit).