How to rollback AD DS Forest Function Levels in Windows Server using PowerShell
So you have recently raised your Active Directory Domain services Forest Functional Level from Server 2008 to either Sever 2008 R2 or Server 2012. Now you have realized you need to go back to either Server 2008 or Server 2008 R2, in previous operating systems this was not possible. In Windows Server 2008 R2 and Windows Server 2012, we now have the tools to be able to revert back to a previous level. There are some limitations, the lowest level that can be rolled back to is Windows Server 2008. The other limitation is that you have not enable any of the features that are required by the current level. To accomplish this task you must use PowerShell as there is no GUI to rollback the functional level.
The first step is to import the Active Directory Manifest into PowerShell, if needed. Launch PowerShell and type Import-Module Activedirectory.
Use the Get-ADForest to determine your current mode.
The next CMDlet we are going to use is Set-ADForestMode. To get the syntax for using this CMDlet use the built in help system by typing Get-Help Set-ADForestMode . To get more information about the CMDlet add -detailed, -full or -examples.
Based on the syntax of the help file we will now rollback the current forest functional level from Windows Server 2012 to Windows Server 2008 R2, type the following CMDlet.
Set-ADForestMode -Identity (Get-ADForest).name -ForestMode Windows2008R2 press “Y” when the confirmation is asked.
Identity – I used the Get-ADforest CMDlet to retrieve the forest information I was connected to and the method to use the name parameter. You could of as easily typed in the FQDN of the forest.
ForestMode – The options here are only Windows2008 or Windows2008R2 depending how far you desire to rollback.
To verify the forest functional has changed either use the GUI or PowerShell . Type Get-ADForest to verity.
The Forest has successfully rolled back. Until next time, RIDE SAFE!!
Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ
Creating Users and Managing Passwords in Microsoft Office 365
In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.
How to clone a Windows Server 2012 or 2012 R2 Domain Controller
One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller
Detailed Forensic Investigation of Malware Infections – April 21, 2015
In this IT Security training video, Security expert Mike Danseglio (CISSP / CEH) will perform several malware investigations including rootkits, botnets, viruses, and browser toolbars.
Write a Comment
See what people are saying...
Share your thoughts...
Hope this helped? Oh man you saved me! I was genttig this same error and kept thinking WTH is this name’ it keeps talking about!?!?! Finally did a web search, read your post, and thought Duh Thanks man!