Re: Raise "Forest" functional level & rename domain?
- From: "Tony Murray" <TonyMurray@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Nov 2005 17:14:02 -0800
Hi Scott
When two forests are both at 2003 forest functional level you have two trust
options:
1. Standard domain trusts.
2. Cross-forest trusts
Cross-forest trusts have some benefits over standard domain trusts (e.g
selective authentication, transitive across all domains in the forest, etc.).
You are free to maintain your existing domain trust after you change the
functional level in your forest without having to change the functional level
in the partner forest. All I was saying was that if you want to take
advantage of the cross-forest trust functionality, both forests need to be at
2003 forest functional level.
Does that make sense? :-)
Tony
www.activedir.org
"Scott" wrote:
> when you say it will need to be a cross forest trust when both are at 2003,
> what do you mean? Should we only then raise the functional forest level of
> the domain we'd like to rename and leave the other one @ 2K level?
>
> "Tony Murray" <TonyMurray@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:272FBA79-7031-449D-8AAE-4627CB57B9E1@xxxxxxxxxxxxxxxx
> > Yes, the FFL change is just as easy as doing the DFL change. The obvious
> > requirement is that all your domains within the forest are at 2003 DFL.
> >
> > There should be no impact on the trust and you shouldn't need to change
> > the
> > functional level of the domain/forest with which you have a trust. Having
> > said this, you will only be able to implement a cross-forest trust when
> > both
> > forests are at 2003 FFL (i.e. level 2).
> >
> > There are certain recommendations around how you approach the raising of
> > the
> > functional level. For example, it is best to disconnect at least one DC
> > from
> > each domain before you make the change so that you can recover in the
> > event
> > of a problem (although that's very unlikely). The change is one way, so
> > the
> > only way to fall back is basically to carry out a forest recovery. More
> > details in this article.
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;322692
> >
> > I've not performed a domain rename so I can't advise on how easy or
> > otherwise it is. I recommend you read the document here in advance for
> > any
> > potential gotchas.
> >
> > http://www.microsoft.com/technet/downloads/winsrvr/domainrename.mspx
> >
> > Tony
> > www.activedir.org
> >
> > "Scott" wrote:
> >
> >> First off, is raising the forest functional level just as easy as doing
> >> the
> >> domain functional level and how would this effect a trust? I would assume
> >> the trusted domain/forest would need to be raised as well which we will
> >> do,
> >> but does it need to be done at the exact same time?
> >>
> >> Also, once this is done (and the reason we want to do it) how easy is it
> >> to
> >> rename a domain? We have a remote site where the guy that built the
> >> server/domain didn't name the domain as we would have preferred, we would
> >> like to rename it to keep with our naming scheme.
> >>
> >> Thanks!
> >>
> >> Scott
> >>
> >>
> >>
>
>
>
.
- References:
- Raise "Forest" functional level & rename domain?
- From: Scott
- Re: Raise "Forest" functional level & rename domain?
- From: Scott
- Raise "Forest" functional level & rename domain?
- Prev by Date: Re: Howto remotely edit Computer Description
- Next by Date: Re: Forced duples Printing
- Previous by thread: Re: Raise "Forest" functional level & rename domain?
- Next by thread: GPO Delegation Tab
- Index(es):
Relevant Pages
|
