Windows Server - windows 2008 dc and trust

Asked By 2010
17-Sep-09 01:19 PM
We are adding a windows 2008 r2 dc into a windows 2003 domain that is in a
trust with another windows 2003 domain.  WIl upgarding the active directory
to 2008 and adding new domain conroller have any affect on the trust
replationship?
Windows Server Active Directory Discussions
 
Windows Server 2008 R2
(1)
Windows Server 2003
(1)
Active Directory
(1)
RecycleBin
(1)
Maillist
(1)
Trainer
(1)
Matrix
(1)
Howdie
(1)
  MattMJF replied...
17-Sep-09 03:10 PM
After you raise the forest/domain functional level to Windows Server 2008 R2
it should not affect the the trust relationship with the other domain.  For
grins, after raising the forest & domain functional level to W2K8 R2, I would
look in Active Directory Domains & Trusts just to verify the one-way or
transative or external trust already configured remains intact.

Mind you that all the domain controllers must be W2K8 R2 OS in order to
raise the forest - domain functional level to Windows Server 2008 R2.

Cheers!

mattmjf@yahoo.com
  2010 replied...
17-Sep-09 03:15 PM
We will still have 2003 DCs.  What does it mean if we do not have
forest-domain functional level to 2008 R2?  Are we basically only able to use
windows 2003 features?
  Florian Frommherz [MVP] replied...
17-Sep-09 03:21 PM
Howdie!

2010 schrieb:

You're able to use Server 2008R2 features on the Server 2008R2 box.

However there are features related to Active Directory (eg the
RecycleBin feature) that need to have a domain functional level of
functional restrictions Active Directory has to make sure those features
run properly.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
  MattMJF replied...
17-Sep-09 03:26 PM
I would advise you upgrade the Windows Server 2003 DCs to Windows Server 2008
R2.  Once all the domain controllers are at W2K8 R2 level, then you can raise
the forest and domain functional level to W2K8 R2 taking advantage of the new
features such as AD recycle bin, granular password policies, improved group
policy processing, more forensic event logging etc. etc.

Until all your DCs are at W2K8 R2 level then you raise forest & domain level
to W2K8 R2, you are only able to use Windows Server 2003 Active Directory
features.
  Ace Fekay [MCT] replied...
17-Sep-09 03:38 PM
Just a side note, I would rather install fresh, new 2008 R2 servers instead
of upgrading, especially if you want to take advantage of 64 bit versions.
The once FSMO roles have been transferred, remove the old 2003 DC. Besides,
upgrading just brings some of the old issues from the previous OS to the new
server.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
  2010 replied...
17-Sep-09 03:44 PM
According to this is looks(see link) it looks like I can use windows 2008 r2
dc with a windows 2003 sp2 dc and exchange server 2003 as long as I am in
'windows server mode 2003'?  Then when we replace our Exchange 2003 server
with 2007 and 2008 r2 dc we should be able to raise domain to 'windows 2008
r2 mode', correct?  Thanks for your help.

http://technet.microsoft.com/en-us/library/ee338574.aspx

According to
  Ace Fekay [MCT] replied...
17-Sep-09 04:19 PM
Based on the Matrix, you can run Exchange 2007 in an R2 AD environment, it
must be SP2 with minimal Rollup 9.

It also states that Exchange 2007 cannot be run on 2008 R2, rather just
2008. Not sure if the matrix has been updated, or why Microsoft has not
approved it yet. It could simply be that it has not been tested yet.

As for raising domain and forest levels, you would have to make sure all DCs
are up to the latest version of any operating system before you can raise
the levels to that operating system level. Similar to when you had a mix of
Windows 2000 and 2003 DCs, you could not raise the forest of domain levels
to 2003 as long as a 2000 DC exists in the mix.

Ace
  MattMJF replied...
17-Sep-09 04:21 PM
Correct.  YW.

mattmjf@yahoo.com
Previous Discussion:  Windows 2008 r2 DC to WIndows 2003 domain
Create New Account
help
SBS2003 | Windows Server 2008 - Exchange 2007 Windows Server Good morning! We have a new client that ultimately has an SBS2003 environment with an additional Domain Controller (WIN2008) and an additional Exchange Server (2007). I have not been apart of this at all (except for looking at it saying that in a negative way (really not). Is it possible to: 1) remove Exchange 2003 from the SBS2003 box (I know all about having to use the Administrator account. . .have VPN connection (just thinking what we must have been thinking when we removed the SBS2003 server from the client's office)? As long as we have CD2, right? 2) remove SBS2003
GPO's Not Replicating Windows Server I am having a great deal of trouble getting GPs to pull over the domain to port 389 on the DC but I can telnet to 23 (after enabling telnet server). It shows that it is listening on 389 in netstat. SYSVOL properties are as they GP fine. it is everything outside of those 2 that does not. The PDC / DNS server is using its own IP for DNS. GPResult reads: Group Policy Infrastructure failed due to Profile: http: / / forums.techarena.in / members / 169993.htm View this thread: http: / / forums.techarena.in / active-directory / 1288776.htm http: / / forums.techarena.in Windows Server Active Directory Discussions Windows Server 2008 R2 (1) Windows Server 2008 (1) Active Directory (1
DCPROMO seems to be stuck - Windows Server 2008 R2 Windows Server Hello, I am not an expert on the subject but I have set up about 15 2008 servers and run DCPROMO without seeing this issue. I have a 2008 R2 server - just formatted from scratch, applied the 8 or so patches from Windows update
SBS2008 + searching large mailbox Windows Server Have an SBS2008 installation. The company has a Mail Archive mailbox which is around 8GB their PC's it takes a very very long time. However on their previous SBS 2003 server in Exchange 2003 it was taking nowhere near as long and searching was almost instant. Any ideas why mailbox seems to be performing so mich slower than it was before on their SBS 2003 setup ? The new hardware for the SBS2008 is HP ML350G6 18GB RAM which is much faster than their old SBS 2003 server. Only other major change to their PC setup is their AV was upgraded from SAV
Is it possible to decrypt EFS files without backup certificate Windows Server A PC had Vista installed and one folder was encrypted by OS. This folder had some thousand or so files. Then Vista was reinstalled, with most old system files (including "Windows", folder left intact on HDD. Is it possible to get files from encrypted folder somehow decrypted under newly installed copy of Windows? Username and password for Windows account used to encrypt folder are known. Utilities like Elsomsoft's EFS recovery could not not others. (microsoft.public.security, microsoft.public.win2000.security, microsoft.public.security.homeusers, microsoft.public.windows.file_system, microsoft.public.windows.vista.security) Security Discussions Windows XP (1) Windows Server 2003 (1) Windows Server 2008 (1) Windows Server (1) Windows 7