Hi all,
I have two domain controllers in our network. The primary one is a 2008r2 DC with all the FSMO roles. The second is a server 2012r2 running on as a VM in hyper-v. I had migrated a server 2003 DC to a server 2008 DC but found I no longer needed it so I demoted it to just a member server and then physically removed it. I have since tested my existing 2008r2 DC and 2012r2 DC by running repadmin /replsum, repadmin /showrepl, repadmin /bridgeheads, and then running dcdiag /v. All tests have passed. I also used adsiedit.msc to make sure there were no domain controllers left in the metadata.
I am ready to raise both the domain and functional levels to server 2008r2 but still have some trepidation because I use NTLM authentication. I am also concerned because we use .net 3.5 and apparently there is a known problem after raising the domain level.
The requested mode is invalid" error message when you run a managed application that uses the .NET Framework 3.5 SP1 or an earlier version to access a Windows Server 2008 R2 domain or forest Note This issue occurs only when the application uses the .NET Framework 3.5 Service Pack 1 (SP1) or an earlier version.
So I have three questions.
1) This is a production environment so what measures should I take ( I do have full backups of both domain controllers) as a disaster recovery process? (For example, I read that you should take one domain controller off-line in case there are problems).
2) This article enumerates problems with raising the domain level http://blogs.technet.com/b/pie/archive/2014/09/07/raising-functional-level-are-you-getting-cold-feet-because-of-kb2260240.aspx. Do I need to run the PowerShell command on every server that has .net 3.5 or is there a simpler way to find out the repercussions of raising the level with applications using .net 3.5?
3) I have read some online posts indicating problems with NTLM authentication after raising the level. Is there some procedure or process I can run that may uncover possible problems or, better, solutions to a possible problem? Or am I just getting"cold feet" for nothing.
Sorry to be so verbose but I wanted to give you as much info as I could.
Thank you for your help,
FD
Bob Andres