Discussion:
Trusts with external domain and Domain/Forest Functional Levels
(too old to reply)
MyGposts
2008-12-05 17:09:46 UTC
Permalink
When you have a trust with an external domain, do your forest and
domain functional levelsa need to match?
We are wondering if raising our forest and domain functional levels
could break trusts with other domain if our local domain is at a
higher functional level.
Meinolf Weber [MVP-DS]
2008-12-05 17:20:56 UTC
Permalink
Hello MyGposts,

What OS versions are you talking about where the trusts are created? What
kind of trust is created?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by MyGposts
When you have a trust with an external domain, do your forest and
domain functional levelsa need to match?
We are wondering if raising our forest and domain functional levels
could break trusts with other domain if our local domain is at a
higher functional level.
MyGposts
2008-12-05 17:49:12 UTC
Permalink
Post by Meinolf Weber [MVP-DS]
Hello MyGposts,
What OS versions are you talking about where the trusts are created? What
kind of trust is created?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
Post by MyGposts
When you have a trust with an external domain, do your forest and
domain functional levelsa need to match?
We are wondering if raising our forest and domain functional levels
could break trusts with other domain if our local domain is at a
higher functional level.- Hide quoted text -
- Show quoted text -
The fact that you are asking those questions sounds like it does need
to match to prevent problems.

The local domain/forest is in mixed mode and we would like to raise it
to 2003 native since all our domain controllers are running Server
2003.
There is a one way trust where or local domain trusts the outside
domain, but they do not trust or domain.
Meinolf Weber [MVP-DS]
2008-12-05 18:06:48 UTC
Permalink
Hello MyGposts,

Important for raising the level is the OS of the DC's you have. The existing
trusts shouldn't be effected because the higher levels are downwards compatible
with there functionalities.

How to raise domain and forest functional levels in Windows Server 2003
http://support.microsoft.com/kb/322692

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by MyGposts
Post by Meinolf Weber [MVP-DS]
Hello MyGposts,
What OS versions are you talking about where the trusts are created?
What kind of trust is created?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
Post by MyGposts
When you have a trust with an external domain, do your forest and
domain functional levelsa need to match?
We are wondering if raising our forest and domain functional levels
could break trusts with other domain if our local domain is at a
higher functional level.- Hide quoted text -
- Show quoted text -
The fact that you are asking those questions sounds like it does need
to match to prevent problems.
The local domain/forest is in mixed mode and we would like to raise it
to 2003 native since all our domain controllers are running Server
2003.
There is a one way trust where or local domain trusts the outside
domain, but they do not trust or domain.
MyGposts
2008-12-05 18:19:41 UTC
Permalink
Post by Meinolf Weber [MVP-DS]
Hello MyGposts,
Important for raising the level is the OS of the DC's you have. The existing
trusts shouldn't be effected because the higher levels are downwards compatible
with there functionalities.
How to raise domain and forest functional levels in Windows Server 2003http://support.microsoft.com/kb/322692
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
Post by MyGposts
Post by Meinolf Weber [MVP-DS]
Hello MyGposts,
What OS versions are you talking about where the trusts are created?
What kind of trust is created?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
Post by MyGposts
When you have a trust with an external domain, do your forest and
domain functional levelsa need to match?
We are wondering if raising our forest and domain functional levels
could break trusts with other domain if our local domain is at a
higher functional level.- Hide quoted text -
- Show quoted text -
The fact that you are asking those questions sounds like it does need
to match to prevent problems.
The local domain/forest is in mixed mode and we would like to raise it
to 2003 native since all our domain controllers are running Server
2003.
There is a one way trust where or local domain trusts the outside
domain, but they do not trust or domain.- Hide quoted text -
- Show quoted text -
OK, so we do not need to be concerned about the functional level of
the outside domain; only our domain controller's OS matters.
To undo the change due to some failure of the process of raising the
functional level, I assume we simply do an authorative restore of one
of our DCs from previous system state backup and that would put
everything back to the old functional level.
Meinolf Weber [MVP-DS]
2008-12-06 10:21:45 UTC
Permalink
Hello MyGposts,

Yes, if you need to revert to a lower functional level, you need to rebuild
the domain or forest or restore it from a backup.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by MyGposts
Post by Meinolf Weber [MVP-DS]
Hello MyGposts,
Important for raising the level is the OS of the DC's you have. The
existing trusts shouldn't be effected because the higher levels are
downwards compatible with there functionalities.
How to raise domain and forest functional levels in Windows Server
2003http://support.microsoft.com/kb/322692
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
Post by MyGposts
Post by Meinolf Weber [MVP-DS]
Hello MyGposts,
What OS versions are you talking about where the trusts are
created? What kind of trust is created?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
Post by MyGposts
When you have a trust with an external domain, do your forest and
domain functional levelsa need to match?
We are wondering if raising our forest and domain functional levels
could break trusts with other domain if our local domain is at a
higher functional level.- Hide quoted text -
- Show quoted text -
The fact that you are asking those questions sounds like it does
need to match to prevent problems.
The local domain/forest is in mixed mode and we would like to raise it
to 2003 native since all our domain controllers are running Server
2003.
There is a one way trust where or local domain trusts the outside
domain, but they do not trust or domain.- Hide quoted text -
- Show quoted text -
OK, so we do not need to be concerned about the functional level of
the outside domain; only our domain controller's OS matters.
To undo the change due to some failure of the process of raising the
functional level, I assume we simply do an authorative restore of one
of our DCs from previous system state backup and that would put
everything back to the old functional level.
MyGposts
2008-12-08 17:44:43 UTC
Permalink
Post by Meinolf Weber [MVP-DS]
Hello MyGposts,
Yes, if you need to revert to a lower functional level, you need to rebuild
the domain or forest or restore it from a backup.
Best regards
Meinolf Weber
And "rebuilding the domain" from backup only requires doing an
authorative restore of a domain controller backup dated before the
functional level was changed, correct?
Meinolf Weber [MVP-DS]
2008-12-09 06:50:27 UTC
Permalink
Hello MyGposts,

Have a look here about the different options:
http://technet.microsoft.com/en-us/library/bb727048.aspx

http://technet.microsoft.com/en-us/library/cc778772.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by MyGposts
Post by Meinolf Weber [MVP-DS]
Hello MyGposts,
Yes, if you need to revert to a lower functional level, you need to
rebuild the domain or forest or restore it from a backup.
Best regards
Meinolf Weber
And "rebuilding the domain" from backup only requires doing an
authorative restore of a domain controller backup dated before the
functional level was changed, correct?
Jorge de Almeida Pinto [MVP - DS]
2008-12-05 22:05:24 UTC
Permalink
no, everything will be OK
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
Post by MyGposts
When you have a trust with an external domain, do your forest and
domain functional levelsa need to match?
We are wondering if raising our forest and domain functional levels
could break trusts with other domain if our local domain is at a
higher functional level.
Jorge de Almeida Pinto [MVP - DS]
2008-12-05 22:06:25 UTC
Permalink
forgot to say:
external trusts do not require any DFL/FLL. Forest trusts require at least
FFL = w2k3 at both endpoints
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
Post by MyGposts
When you have a trust with an external domain, do your forest and
domain functional levelsa need to match?
We are wondering if raising our forest and domain functional levels
could break trusts with other domain if our local domain is at a
higher functional level.
Loading...