Article ID: 298601
Article Last Modified on 3/2/2007
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
This article was previously published under Q298601
SYMPTOMS
When you attempt to promote a Microsoft Windows 2000-based server to be a domain controller in a Microsoft Windows Server 2003-based domain, you can receive the following error message:
The preceding error message can end with either of the following sentences:
-or-
The following event can also be generated in the Directory Services log in Event Viewer:
CAUSE
This behavior can occur because the domain functionality level and/or the forest functionality level has been raised to a level that is unsupported by a Windows 2000 domain controller.
RESOLUTION
To work around this behavior, determine the current functionality level:
- On a Windows Server 2003-based domain controller, open Active Directory Users and Computers.
- In the left pane, right-click the name of the domain, and then click Properties.
- Click Domain functionality to examine its functionality level, and then click Forest functionality to examine its functionality level.
If either of the functionality levels list Windows Server 2003 as the current level, you must upgrade the Windows 2000-based server to Windows Server 2003 prior to promoting it to be a domain controller. If the functionality level has been raised, it cannot be reduced.
STATUS
This behavior is by design.
MORE INFORMATION
Whenever a new function is added to Active Directory, you may not be able to add this functionality in a backward-compatible manner. New functionality may create scenarios or data structures that earlier domain controllers cannot understand, or this functionality may involve new protocols that earlier domain controllers do not support. In these situations, the server must prevent these new features from being enabled until all of the participating domain controllers are able to handle the new behavior. If these features are enabled, client computers may experience different behavior depending upon the domain controller that they select for service.
Windows 2000 had these same type of requirements. New Active Directory features, such as, Universal Groups, Group Nesting, and security identifier (SID) History did not have any "representation" on Microsoft Windows NT 4.0 backup domain controllers (BDCs). To ensure that these features had not been enabled until all of the Windows NT 4.0 BDCs had been removed from a domain, the directory introduced the notion of Mixed mode and Native mode. The Domain mode had been stored in an attribute on the domainDns object of the domain. In Mixed mode, new functionality had been disabled and Windows NT 4.0 BDCs had been enabled. When an administrator promoted a domain to Native mode, the administrator acknowledged that there had not been any Windows NT 4.0 BDCs in the domain. In Native mode, new functionality had been enabled. The promotion is irreversible: You cannot revert back to Mixed mode.
When a new domain controller is created, the server must verify that the domain controller can support the current functionality version that is observed by both the domain and forest that the domain controller is about to join. If the domain controller cannot support the current version, the creation of the domain controller is unsuccessful.
Keywords: kbenv kbprb KB298601
