How to Raise Active Directory Forest Functional Level
An Active Directory functional level defines which Active Directory Domain Services (AD DS) capabilities are available for a certain forest or domain. The functional levels are defined in terms of Windows Server versions, as each version upgrade introduces a slew of new AD DS features. Because their functions are not backward compatible with prior functional levels, functional levels must be defined.
Functional levels are classified into two types:
-
Forest functional level (FFL)
-
Domain functional level (DFL)
Forest functional level (FFL)
A forest functional level specifies which AD DS features are enabled in a forest. Increasing an FFL improves the capability of the forest’s domain controllers (DC). For example, Windows Server 2016 included Privileged Access Management (PAM) capabilities in addition to all of the previous version’s capabilities.
How to check forest functional level?
How can I determine the functional level of a forest? Follow these procedures to see your forest’s functioning level:
- Go to Start and choose Administrative Tools.
- Go to Domains and Trusts in Active Directory.
- Right-click the root domain and choose Properties.
- You can see your forest and domain functional levels under the General tab.
Using PowerShell to find the Forest Functional Level
You can find the Forest Functional Level of your domain using the following PowerShell command: Get-ADForest | fl Name,ForestMode
How to raise forest functional level
If at any point, you need to change the functional level of your forest, you can do so by following the steps given below. For example, if you want to raise forest functional level from 2012R2 to 2016, here’s how you can do it:
-
Go to Start and open Administrative Tools
-
Go to Active Directory Domains and Trusts
-
In the left pane, right-click on Active Directory Domains and Trusts and select Raise Forest Functional Level.
-
You will see a list of forest functional levels that are available. Select the required functional level. In this case, select Windows Server 2016.
-
Click Raise.
-
You will get a warning message. Read the message and click OK.
-
Click OK on the confirmation dialogue box.
How to raise Domain Functional Level in Active Directory
- From the Administrator Tools panel, select Active directory users and computers console.
- Right-click the root domain for which you want to raise the domain functional level and select Raise Domain Functional Level.
- Select an available Domain Functional Level and then click on Raise.
This raises the functional level of a domain.
Dependencies of Active Directory Functional Levels
The following dependencies exist between Active Directory Forest functional levels:
- When all domain controllers (DCs) in a network run the same version of Windows Server, the Active Directory Forest Functional level must be set to support the same forest functional level.
- An administrator must upgrade the forest functional level in order to enable advanced Active Directory functionality in a forest, which can only be done if all domain controllers are running the same version of Windows Server.
- Domain controllers (DCs) running previous versions of Windows Server cannot be added to the forest when the functional level is increased.
Raise domain or forest functional level first?
The forest functional level specifies the minimum functional level at which all DCs in the forest must operate. Any DC who runs an older version of Windows will be demoted from the role of DC. This limitation, however, only applies to DCs. The forest’s member servers and workstations will be impacted.
As a result, the ideal approach is to first raise the domain functional level and subsequently the forest functional level. Nevertheless, increasing the forest functional level inevitably raises the domain functional level.
Before raising the forest functional level, it is a good practice to understand the functions that each functional level brings to the table so that you can make an educated selection. Each functional level builds on the preceding one’s functionality and adds new ones on top of it. Some levels add no substantial capabilities, while others significantly enhance.
| FOREST FUNCTIONAL LEVEL | AVAILABLE FEATURES |
|---|---|
| Windows Server 2016 | Privileged Access Management (PAM) using Microsoft Identity Manager (MIM) |
| Windows Server 2012R2 | All available features of Windows Server 2012 FFL |
| Windows Server 2012 | All available features of Windows Server 2008R2 FFL |
| Windows Server 2008R2 | Active Directory Recycle BinAll available features of Windows Server 2003 FFL |
| Windows Server 2008 | All available features of Windows Server 2003 FFL |
| Windows Server 2003 | Forest trustDomain renameLinked-value replicationAbility to deploy a read-only DC (RODC)Improved Knowledge Consistency Checker (KCC) algorithms and scalabilityCreation of instances of the dynamic auxiliary class named dynamicObject in a domain directory partitionConversion of an inetOrgPerson object instance into a User object instance and the converseCreation of instances of new group types for role-based authorizationDeactivation and redefinition of attributes and classes in the schemaDomain-based DFS namespacesAll default AD DS features |
| Windows 2000 native | All default AD DS features |
So, that’s all in this blog. I will meet you soon with next stuff. Have a nice day!!!
Guys please don’t forget to like and share the post. Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them.
You can also share the feedback on below windows techno email id.
If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.
