1

I upgraded my Windows 2000 domain functionality to 2008 R2. Made my 2008 R2 machines domain controllers. Replication is working.

Eventually I will demote the 2000 servers. At the moment, the Windows 2000 SP4, because I just upgraded, is still the FSMO role holder.

When I transfer my FSMO roles to the 2008 R2 server, will my Windows 2000 SP4 machines still be domain controllers and be able to authenticate? I know that I have to use dcpromo to demote them, but in reality, when I move those roles will they still be authenticating?

Thanks.

johnny
  • Are you sure you actually moved to the 2008 R2 domain functional level? It explicitly denies this when you still have domain controllers in the domain that don't meet the required level. – HostBits Jun 10 '13 at 15:42
  • @Cheekaleak He doesn't say he upgraded the functional level. He said he "upgraded" which, to him, probably just means that he added the 2008 R2 DCs into the domain. – Rex Jun 10 '13 at 15:44
  • I upgraded to 2008 level with adprep. I had no errors. Schema is 2008 R2. Roles have been transferred to Win2k8. – johnny Jun 10 '13 at 17:07
  • @johnny you just extended the schema to support 2008 R2 and then added a 2008 R2 DC to your existing domain. To update the domain and forest function levels you need to have all DCs on 2008 R2 or higher. – HostBits Jun 10 '13 at 18:37
  • @Cheekaleak Hope it keeps working. The role holder is 2008 R2 now. – johnny Jun 10 '13 at 18:41

1 Answer

3

First, you can't run at 2008 domain functional level until you demote the 2000 DCs... Not sure what you mean by "still be authenticating?" Yes, they will still be domain controllers, just not hold the FSMO roles. Replication will still occur with them until you demote them.

Linking a similar ServerFault question to help: Win2008 DC in a Windows 2000 domain: can I keep the old DC?

TheCleaner
  • Beat me to the answer by a minute. Deleting mine since it's basically redundant at this point. – Rex Jun 10 '13 at 15:45
  • :) You can add your info to mine if you like. Or you can leave your answer...maybe they'll accept yours! – TheCleaner Jun 10 '13 at 15:46
  • Nah - wouldn't want to steal your thunder :) – Rex Jun 10 '13 at 15:47
  • Then I do not understand. I used adprep on my 2000 DCs. Everything in the schema was moved to 2008 R2. Made the 2k8 DC. Moved roles from 2k to 2k8. Everything is working. – johnny Jun 10 '13 at 17:06
  • Not sure what your question is. You have to adprep the domain to allow for 2k8 DCs, sure you did that. But you won't be able to change/up the forest or domain functional levels until only the 2k8's are DCs. The level will remain at the level of the lowest DC OS. http://technet.microsoft.com/en-us/library/cc771294.aspx and http://support.microsoft.com/kb/322692 – TheCleaner Jun 10 '13 at 18:13
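
A read-only check of the state discussed in this thread, added here as an example and not part of the original question or answer: it prints the current functional levels and FSMO role holders, then lists every writable DC and flags the ones whose OS keeps the level from being raised. It assumes it is run on a 2008 R2 DC (or a host with the ActiveDirectory module) and that the target level is 2008 R2 (OS version 6.1).

```powershell
# Added example: queries only, changes nothing in the directory.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest

# Functional levels stay at the old value while legacy DCs remain,
# regardless of the schema version adprep installed.
"Domain functional level: $($domain.DomainMode)"
"Forest functional level: $($forest.ForestMode)"

# FSMO role holders: two forest-wide roles, three per-domain roles.
"Schema master:         $($forest.SchemaMaster)"
"Domain naming master:  $($forest.DomainNamingMaster)"
"PDC emulator:          $($domain.PDCEmulator)"
"RID master:            $($domain.RIDMaster)"
"Infrastructure master: $($domain.InfrastructureMaster)"

# Assumption: target level is 2008 R2, i.e. every DC must report 6.1 or later.
$minVersion = [version]'6.1'

# SERVER_TRUST_ACCOUNT (8192) marks writable DC computer accounts.
# Read from the directory, so DCs too old to run AD Web Services are listed too.
$dcFilter = '(userAccountControl:1.2.840.113556.1.4.803:=8192)'

Get-ADComputer -LDAPFilter $dcFilter -Properties OperatingSystem, OperatingSystemVersion |
    ForEach-Object {
        $raw    = $_.OperatingSystemVersion   # e.g. "5.0 (2195)" or "6.1 (7601)"
        $blocks = $true                       # unknown version: treat as blocking
        if ($raw) {
            # Drop the "(build)" suffix and compare major.minor only.
            $ver    = [version](($raw -replace '\s*\(.*$', '').Trim())
            $blocks = $ver -lt $minVersion
        }
        New-Object PSObject -Property @{
            Name            = $_.Name
            OperatingSystem = $_.OperatingSystem
            Version         = $raw
            BlocksRaise     = $blocks
        }
    } |
    Sort-Object Name |
    Format-Table Name, OperatingSystem, Version, BlocksRaise -AutoSize
```

Any row with `BlocksRaise` set to `True` is a DC that has to be demoted with dcpromo before the domain or forest functional level can be raised.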