How to Revert Back or Lower the Active Directory Forest and Domain Functional Levels in Windows Server 2008 R2

  • Article

Overview

In previous versions of Windows Server, changes to Domain Functional Levels (DFL) and Forest Functional Level (FFL) could not be rolled back.  With Windows Server 2008 R2, you can now revert back or lower both the Domain Functional Level and Forest Functional Level of your domain, provided you meet the specific conditions and limitations of this new feature described below.  It would be helpful to understand the Active Directory Domain Services (AD DS) Functional Levels while examining this article.

Before you lower the Forest Functional Level

Before you lower the Forest Functional Level, there are some key conditions to keep in mind:

  1. The current Forest Functional Level must be set to Windows Server 2008 R2
  2. The Recycle Bin, part of Active Directory Advanced Optional Feature set, must not be enabled.  In the current release, the AD Recycle Bin feature is irreversible!  If it is currently installed, you cannot revert the Forest Functional Level or Domain Functional Level of your environment
  3. The lowest Forest Functional Level you can roll back to is Windows Server 2008
  4. You must be using an account with Enterprise Administrator or equivalent privileges to perform these actions

Lowering the Forest Functional Level

Once you've verified that you have met the conditions described above, you can begin the process to lower the Forest Functional Level.

In our example, we have a single domain called Win2008R2.test that is currently at a Forest Functional Level of Windows Server 2008 R2.  The goal for this section is to successfully lower the forest functional level back to Windows Server 2008.

  1. To begin, you must be logged in with an account with Enterprise Administrator or equivalent privileges

  2. Open the Active Directory Module for Windows PowerShell by navigating to Start > Administrative Tools or load the Active Directory Module for Windows PowerShell manually by running the Import-Module ActiveDirectory command at the PowerShell prompt

  3. At the prompt, type the following command, substituting Windows2008R2.test for the FQDN of the forest root domain in your environment and hit Enter:

    Set-ADForestMode -Identity Windows2008R2.test -ForestMode Windows2008Forest

  4. When prompted with "Are you sure you want to perform this action", hit Enter (or select from the menu on how to proceed)

  5. At this point, there is no confirmation that the command was successful.  To see if the command was successful, type the following command and hit Enter:
    **
    **Get-ADForest

  6. Look for ForestMode to the left.  The value should now say Windows2008Forest.  The command was successful

Before you lower the Domain Functional Level

Before you lower the Domain Functional Level, there are some key conditions to keep in mind:

  1. The current Domain Functional Level must be set to Windows Server 2008 R2
  2. The lowest Domain Functional Level you can roll back to is Windows Server 2008
  3. You must be using an account with Enterprise Administrator or equivalent privileges to perform these actions

Lowering the Domain Functional Level

Once you've verified that you have met the conditions described above, you can begin the process to lower the Domain Functional Level. 

In our example, we have a single domain called Win2008R2.test that is currently at a Domain Functional Level of Windows Server 2008 R2, but with a Forest Functional Level of Windows Server 2008.  The goal for this section is to successfully lower the Domain Functional Level back to Windows Server 2008.

  1. To begin, you must be logged in with an account with Enterprise Administrator or equivalent privileges. While a Domain Admin account can successfully raise the Domain Functional Level, you must have at least Enterprise Administrator, or equivalent permissions to lower it

  2. Open the Active Directory Module for Windows PowerShell by navigating to Start > Administrative Tools or load the Active Directory Module for Windows PowerShell manually by running the Import-Module ActiveDirectory command at the PowerShell prompt

  3. At the prompt, type the following command, substituting Windows2008R2.test for the FQDN of your domain and hit Enter:

    Set-ADDomainMode -Identity Windows2008R2.test -DomainMode Windows2008Domain

  4. When prompted with "Are you sure you want to perform this action", hit Enter (or select from the menu on how to proceed)

  5. At this point, there is no confirmation that the command was successful.  To see if the command was successful, type the following command and hit Enter:
    **
    **Get-ADDomain

  6. Look for DomainMode to the left.  The value should now say Windows2008Domain.  The command was successful

Other Languages