Quantcast
Channel: Directory Services forum
Viewing all articles
Browse latest Browse all 31638

"Cold Feet" in raising domain and forest levels to 2008r2

$
0
0

Hi all,

I have two domain controllers in our network.  The primary one is a 2008r2 DC with all the FSMO roles.  The second is a server 2012r2 running on as a VM in  hyper-v.  I had migrated a server 2003 DC to a server 2008 DC but found I no longer needed it so I demoted it to just a member server and then physically removed it.  I have since tested my existing 2008r2 DC and 2012r2 DC by running repadmin /replsum, repadmin /showrepl, repadmin /bridgeheads, and then running dcdiag /v.  All tests have passed. I also used adsiedit.msc to make sure there were no domain controllers left in the metadata.

I am ready to raise both the domain and functional levels to server 2008r2 but still have some trepidation because I use NTLM authentication.  I am also concerned because we use .net 3.5 and apparently there is a known problem after raising the domain level.

The requested mode is invalid" error message when you run a managed application that uses the .NET Framework 3.5 SP1 or an earlier version to access a Windows Server 2008 R2 domain or forest Note This issue occurs only when the application uses the .NET Framework 3.5 Service Pack 1 (SP1) or an earlier version.

So I have three questions.

1) This is a production environment so what measures should I take ( I do have full backups of both domain controllers) as a disaster recovery process? (For example,  I read that you should take one domain controller off-line in case there are problems).

2) This article enumerates problems with raising the domain level  http://blogs.technet.com/b/pie/archive/2014/09/07/raising-functional-level-are-you-getting-cold-feet-because-of-kb2260240.aspx.  Do I need to run the PowerShell command on every server that has .net 3.5 or is there a simpler way to find out the repercussions of raising the level with applications using .net 3.5?

3) I have read some online posts indicating problems with NTLM authentication after raising the level. Is there some procedure or process I can run that may uncover possible problems or, better, solutions to a possible problem? Or am I just getting"cold feet" for nothing. 

Sorry to be so verbose but I wanted to give you as much info as I could.

Thank you for your help,

FD


Bob Andres


Viewing all articles
Browse latest Browse all 31638

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>