Hi all,
I have two domain controllers in our network. The primary one is a 2008r2 DC with all the FSMO roles. The second is a server 2012r2 running on as a VM in hyper-v. I had migrated a server 2003 DC to a server 2008 DC but found I no longer needed it so I demoted it to just a member server and then physically removed it. I have since tested my existing 2008r2 DC and 2012r2 DC by running repadmin /replsum, repadmin /showrepl, repadmin /bridgeheads, and then running dcdiag /v. All tests have passed. I also used adsiedit.msc to make sure there were no domain controllers left in the metadata.
I am ready to raise both the domain and functional levels to server 2008r2 but still have some trepidation because I use NTLM authentication. I am also concerned because we use .net 3.5 and apparently there is a known problem after raising the domain level.
The requested mode is invalid" error message when you run a managed application that uses the .NET Framework 3.5 SP1 or an earlier version to access a Windows Server 2008 R2 domain or forest Note This issue occurs only when the application uses the .NET Framework 3.5 Service Pack 1 (SP1) or an earlier version.
So I have three questions.
1) What do your raise first? Domain or Forest level?
2) Will NTLM authentication have problems after raising the levels to server 2008 r2
3) This is a production environment so what measures should I take ( I do have full backups of both domain controllers) as a disaster recovery process (For example, I read that you should take on domain controller off-line in case there are problems).
Sorry to be so verbose but I wanted to give you as much info as I could.
Thanks,
FD
Bob Andres