Microsoft KB Archive/895139

= You receive a &quot;SV_PROBLEM_WILL_NOT_PERFORM&quot; error message when you try to raise the domain functional level to Windows Server 2003 on a domain controller that is running Windows Server 2003 Service Pack 1 =

Article ID: 895139

Article Last Modified on 10/11/2007

-

APPLIES TO

 Microsoft Windows Server 2003 SP1, when used with:  Microsoft Windows Server 2003, Standard Edition (32-bit x86)

 Microsoft Windows Server 2003, Enterprise Edition

 Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)  Microsoft Windows Server 2003, Datacenter x64 Edition</li> Microsoft Windows Server 2003, Enterprise x64 Edition</li> Microsoft Windows Server 2003, Standard x64 Edition</li></ul>

-

<div class="notice_section">

<div class="symptoms_section">

SYMPTOMS
Consider the following scenario:
 * On a domain controller that is running Microsoft Windows Server 2003 with Service Pack 1 (SP1), you try to raise the domain functional level to Windows Server 2003 by using one of the following methods:
 * You modify the value of the msDS-Behavior-Version attribute on the domainDNS object.
 * You use the Ldp.exe utility or the Adsiedit.msc utility.
 * The domain is not in native mode when you try to raise the domain functional level to Windows Server 2003.

In this scenario, the operation fails, and you receive the following error messages:

SV_PROBLEM_WILL_NOT_PERFORM

ERROR_DS_ILLEGAL_MOD_OPERATION

Additionally, you receive the following message in the Directory Services event log: Active Directory could not update the functional level of the following domain because the domain is mixed mode.

<div class="cause_section">

CAUSE
The Schema Admins and Enterprise Admins security groups are not configured to use the universal group scope even though the forest functional level is set to Windows Server 2003.

Note The forest functional level is set to Windows Server 2003 when the value of the msDS-Behavior-Version attribute is set to 2.

<div class="resolution_section">

RESOLUTION
To resolve this problem, a domain administrator can change the domain mode to native mode by using one of the following tools:
 * The Active Directory Users and Computers snap-in
 * The Active Directory Domains and Trusts snap-in

A domain administrator can also programmatically change the value of the ntMixedDomain attribute on the domainDNS object to 0.

To verify that the domain mode has been changed to native mode, determine whether the following event has been logged in the System event log: Event Type: Information

Event Source: SAM

Event ID: 16408

Description: &quot;Domain operation mode has been changed to Native Mode. The change cannot be reversed.&quot;

<div class="moreinformation_section">

MORE INFORMATION
When you use the Windows Server 2003 administration tools to raise the domain functional level, the ntMixedDomain attribute and the msDS-Behavior-Version attribute are modified in the correct order. However, if you manually or programmatically set the msDS-Behavior-Version attribute to 2 and then raise the forest functional level to Windows Server 2003, the following events occur:
 * The ntMixedDomain attribute is set to 0.
 * The scope for the Schema Admins and Enterprise Admins groups is not changed to universal as you expect.

Domain controllers that are running Windows Server 2003 Service Pack 1 block the transition to a forest functional level until the following conditions are true:
 * The domain is in native mode.
 * The required change in security group scopes is configured in all domains.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

322692 How to raise domain and forest functional levels in Windows Server 2003

Additional query words: ldap ldp.exe adsi

Keywords: kbinfo kbtshoot kbprb KB895139

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.