How To Revert Back Or Downgrade Windows Server 2008 R2 Forest And Domain Functional Level

Anna Pybus

May 28, 2024, 9:05:31 PM
to lezelweireat

With older versions of Windows Server, it was not possible to downgrade the domain and forest functional level once upgraded. However, this has changed since Windows Server 2012 R2: using PowerShell, you can now downgrade the domain and forest functional level.




I just wanted to reach out regarding downgrading the domain and forest functional level. I found some instructions that look like we would be able to downgrade functional levels from 2019 to 2008. I just wanted to confirm if this is indeed a possibility, and I also want to ask what are the risks associated with this? Right now we only have one domain controller that supports about 30 computers, and this looks like something we may need to do to get their XP machines to connect back to the domain again. Just looking to get some information regarding this process.

Thank you for checking in. I have been pretty booked up today and haven't been able to go and assist them today. Just curious: if we did drop down functionality-wise, can you go back up to the previous level if the lowered functionality doesn't work?

Thanks for the response. My customers don't want to go through with this because I can't guarantee it will work. I found an old Microsoft article through the Wayback Machine and I am going to see if it works. Thanks for your help though!

When attempting to downgrade (lower) the DFL of a domain, you would first need to downgrade the FFL to the same level as the required DFL to be configured. The FFL can never be higher than the DFL of any domain in the forest.

Here is the weird thing: they do have XP machines that are already connected to the domain and have been connected for a while, but the XP machines we are currently trying to connect now have been sitting on a shelf for who knows how long. I have ensured that SMBv1 is enabled on the domain controller. I have tried applying an update that other blogs said might help, but this is the other thing I was able to find that might help.

When we raise the FFL/DFL, new features/attributes will be added, say from 2012 R2 to 2016. So what will happen to those features/attributes when we roll back to 2012 R2 again using PowerShell?


We cannot lower the domain and forest functional level after they have been raised. Raising the domain and forest functional levels are one-way operations that cannot be reversed. In the event that you need to revert to a lower functional level, you need to rebuild the domain or forest or restore it from a backup.

With versions of Windows Server that are earlier than Windows Server 2008 R2, we cannot roll back or lower a functional level under any circumstances. If you have to revert to a lower functional level with a version of Windows Server that is earlier than Windows Server 2008 R2, we must rebuild the domain or forest or restore it from a backup copy.

When you raise the domain functional level to Windows Server 2016 and if the forest functional level is Windows Server 2012 or lower, you have the option of rolling the domain functional level back to Windows Server 2012 or Windows Server 2012 R2.

As mentioned, there will be new features added when raising the FFL/DFL. As per our understanding, once rolling back to the lower level, the new features will not be used anymore. So sorry that we do not have the environment to do the tests.

We always recommend in-depth testing in a LAB environment before completing major upgrades or downgrades in your production environment if possible. At a minimum, ensure that we have a well-documented and fully tested forest recovery plan.

To activate the newest domain features, all the domain controllers must be running the newest Windows Server operating system version in the domain. If this requirement is met, the administrator can raise the domain functional level.

To activate the newest forest-wide features, all the domain controllers in the forest must be running the Windows Server operating system version that corresponds to the desired forest functional level. Additionally, the current domain functional level must already be at the newest level. If these requirements are met, the administrator can raise the forest functional level.

As per my understanding, we would have made the new features enabled if we had raised the functional level. As for the new features of different functional levels, we could refer to:
-us/windows-server/identity/ad-ds/active-directory-functional-levels

Since Windows Server 2008 R2, and now with Windows Server 2012 (R2), you can roll back the domain and forest functional level under certain conditions. This was not possible before with previous versions of Windows. In these cases you would have to revert to a restore from backup. Yup, pretty hefty, so raising functional levels has to be done with care.

So you cannot have advanced features like the AD recycle bin enabled in some conditions. Enabling this is irreversible, so you cannot revert the Forest Functional Level of your environment to a level that supports the AD recycle bin when it has been enabled. Today that means from Windows Server 2012(R2) to Windows Server 2008 R2.

I used this information recently during an upgrade of a Windows Server 2008 R2 domain to Windows Server 2012 where they wanted to raise the domain and forest functional level. As they had a Forest Trust between the (now) Windows Server 2012 forest/domain and another Windows Server 2008 R2 forest/domain. They had enabled the Recycle Bin when still at Windows 2008 R2. They wanted to know if they would have issues with the trust and if so whether they could revert the levels in that case.

Do you mean:
Enabling this is irreversible, so you cannot revert the Forest Functional Level of your environment to a level that does not support the AD recycle bin when it has been enabled. Today that means from Windows Server 2012(R2) to Windows Server 2008.


Before these questions can be properly addressed, it must first be understood exactly what purposes the Domain and Forest Functional Levels serve. Each new version of Active Directory on Windows Server incorporates new features that can only be taken advantage of when all domain controllers (DCs) in either the domain or forest have been upgraded to the same version. For example, Windows Server 2008 R2 introduces the AD Recycle Bin, a feature that allows the Administrator to restore deleted objects from Active Directory. In order to support this new feature, changes were made in the way that delete operations are performed in Active Directory, changes that are only understood and adhered to by DCs running on Windows Server 2008 R2. In mixed domains, containing both Windows Server 2008 R2 DCs as well as DCs on earlier versions of Windows, the AD Recycle Bin experience would be inconsistent, as deleted objects may or may not be recoverable depending on the DC on which the delete operation occurred. To prevent this, a mechanism is needed by which certain new features remain disabled until all DCs in the domain, or forest, have been upgraded to the minimum OS level needed to support them.

After upgrading all DCs in the domain, or forest, the Administrator is able to raise the Functional Level, and this Level acts as a flag informing the DCs, and other components as well, that certain features can now be enabled. You'll find a complete list of Active Directory features that have a dependency on the Domain or Forest Functional Level here:

Appendix of Functional Level Features
-us/library/understanding-active-directory-functional-levels(WS.10)....

There are two important restrictions of the Domain or Forest Functional Level to understand, and once they are, these restrictions are obvious. Once the Functional Level has been upgraded, new DCs running on downlevel versions of Windows Server cannot be added to the domain or forest. The problems that might arise when installing downlevel DCs become pronounced with new features that change the way objects are replicated (i.e. Linked Value Replication). To prevent these issues from arising, a new DC must be at the same level as, or greater than, the functional level of the domain or forest.

The second restriction, for which there is a limited exception on Windows Server 2008 R2, is that once upgraded, the Domain or Forest Functional Level cannot later be downgraded. The only purpose that having such ability would serve would be so that downlevel DCs could be added to the domain. As has already been shown, this is generally a bad idea.

Starting in Windows Server 2008 R2, however, you do have a limited ability to lower the Domain or Forest Functional Levels. The Windows Server 2008 R2 Domain or Forest Functional level can be lowered to Windows Server 2008, and no lower, if and only if none of the Active Directory features that require a Windows Server 2008 R2 Functional Level has been activated. You can find details on this behavior - and how to revert the Domain or Forest Functional Level - here.
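
The rollback conditions described above (forest level lowered before the domain level, and no rollback once the AD Recycle Bin has been activated) can be checked before anything is changed. The following PowerShell is an added example, not part of the original post or of any Microsoft article it quotes; it assumes the ActiveDirectory RSAT module, a single-domain forest, and a 2008 R2 to 2008 target chosen only for illustration.

```powershell
# Added example (not from the original page). Assumes the ActiveDirectory
# module and an account with Enterprise Admin rights.
Import-Module ActiveDirectory

# Illustrative targets only: Windows Server 2008 R2 -> Windows Server 2008.
$targetForestMode = 'Windows2008Forest'
$targetDomainMode = 'Windows2008Domain'

$forest = Get-ADForest
$domain = Get-ADDomain

# Record the starting state so the change can be documented and reversed.
"Forest {0}: {1}" -f $forest.Name, $forest.ForestMode
"Domain {0}: {1}" -f $domain.DNSRoot, $domain.DomainMode

# Inventory the DCs and their OS versions; the functional level only makes
# sense relative to what the domain controllers actually run.
Get-ADDomainController -Filter * |
    Select-Object HostName, OperatingSystem |
    Format-Table -AutoSize

# The Recycle Bin is a forest-scoped optional feature. A non-empty
# EnabledScopes means it has been activated, which the page describes as
# irreversible and as blocking a rollback to a level that lacks it.
$recycleBin = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if ($recycleBin -and $recycleBin.EnabledScopes.Count -gt 0) {
    throw "AD Recycle Bin is enabled; the functional level cannot be lowered."
}

# Order matters: the forest level is lowered first, then the domain level,
# because the FFL can never be higher than the DFL of any domain in the forest.
# -WhatIf reports what would happen without changing anything.
Set-ADForestMode -Identity $forest.Name -ForestMode $targetForestMode -WhatIf
Set-ADDomainMode -Identity $domain.DNSRoot -DomainMode $targetDomainMode -WhatIf
```

Remove `-WhatIf` only after the dry run reports the expected targets and a tested forest recovery backup exists.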
