joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

5/7/2015

Windows 2000 Professional SP4 in Windows Server 2012 R2 F/DFL6 Domain

by @ 8:21 am. Filed under tech

I had heard several times that Windows 2000 won’t join a Windows Server 2012 R2 Forest, especially in Windows Server 2012 R2 Functional Mode.

I did not find this to be the case. The hardest part was finding the old Windows 2000 MSDN CD in the basement (I ISO’ed it so I can lose it on my NAS now) and getting Windows 2000 Professional to load into a Windows Server 2012 R2 Hyper-V VM. Once I got past that point it joined the Active Directory with no issues. I even used the GUI without a pre-created machine account.

And to boot… The current version of AdFind and the current version of AdMod both worked fine on the Windows 2000 Professional SP4 machine… PowerShell AD Cmdlets didn’t seem to work though… 😉

11/15/2010

What is DFL3? or What is FFL2?

by @ 8:00 pm. Filed under tech

On a regular basis I will say some tool or app or something requires DFL2 or DFL3 or FFL2 or something like that. I am still amazed how many people do not know what that means, and I get a response of “huh? I don’t think I have that tool.” or “I typed in DFL2 and it says it is a bad command.”

DFL stands for Domain Functional Level. It tells you quickly the minimum level that your Domain Controllers in a given domain must be. FFL stands for Forest Functional Level and, as you may surmise, it tells you the minimum level that your Domain Controllers must be across the entire forest. Here is a nice KB about it all: http://support.microsoft.com/kb/322692.

These functional levels are important because certain types of functionality only become available once you hit certain functionality levels. A few “important” FL’s that I regularly mention:

  • DFL2 – Windows Server 2003 Domain Functional Level. This DFL gets you the lastLogonTimeStamp attribute.
  • FFL2 – Windows Server 2003 Forest Functional Level. This FFL gets you Linked Value Replication (LVR) which is a pretty substantial change in how your replication works. To most people that means that you don’t replicate entire group memberships when a single member changes, you replicate just the changed values. It means that you can avoid a particularly nasty replication error due to version store exhaustion you could hit with very large groups and it also means that you can have the opportunity to experience lingering backlinks.
  • DFL3 – Windows Server 2008 Domain Functional Level. This gets you Fine Grained Password Policy.
  • FFL4 – Windows Server 2008 R2 Forest Functional Level. This gets you to a state where you can enable the AD Recycle Bin.

You may ask… but why would they need to do this… Because when you are writing operating systems, you can’t always backport every function to every old version of the OS. This could be due to substantial changes in the new OS that just won’t allow the change to be ported backwards, or it could be more costly than it is worth, or it could be a desire to get people to upgrade to the new versions so you can stop supporting the old versions or say, make money on selling new versions of the OS. So you have to set a minimum bar and the bar is set via the DFL and FFL requirements. You want the whole domain or the whole forest to be at that required level because you want consistency. Say you only have fine grained password policy working on 1/3 of your domain controllers, how much fun would that be for your users? Not much at all if I can hazard a guess. You would need to know what the OS of your DC is before you could know properly what kind of password you might be able to use or whether you will lock out or not for some given number of bad attempts. Or from a replication standpoint, if 1/4 of your DCs know about LVR but the other 3/4 don’t, that would be a pain in the butt to deal with even if MSFT said, we will waste the time to write the code to make this work for you by sending the whole group membership to those 3/4 that don’t know LVR.

Here is a quick pair of tables to tell you the DFL/FFL numbers and their related OS level…

DFL Level   OS Version
0           Windows 2000
1           Windows Server 2003 (interim)
2           Windows Server 2003
3           Windows Server 2008
4           Windows Server 2008 R2

FFL Level   OS Version
0           Windows 2000
1           Windows Server 2003 (interim)
2           Windows Server 2003
3           Windows Server 2008
4           Windows Server 2008 R2

If you are looking at the values of “1” and thinking, “WTF is that?” Don’t worry about it. It is rare and unless you are a developer of AD software or actually dealing with a situation that requires you to be involved with a D/FFL1 environment, you don’t need to worry about it. I personally have never seen one in actual production, only in test labs. If you want to learn what it is, knock yourself out, I am not going to spend any more time on it here.

BTW, you can easily ascertain what functionality modes you are at by using AdFind to query the RootDSE of a DC.

Ex 1:

C:\>adfind -rootdse domaincontrollerfunctionality domainfunctionality forestfunctionality

AdFind V01.42.00cpp Joe Richards (joe@joeware.net) April 2010

Using server: TEST-DC1.test.loc:389
Directory: Windows Server 2003

dn:
>domainFunctionality: 2 [Windows Server 2003 Domain Mode]
>forestFunctionality: 2 [Windows Server 2003 Forest Mode]
>domainControllerFunctionality: 2 [Windows Server 2003 Mode]

1 Objects returned

Ex 2:

C:\temp>adfind -rootdse domaincontrollerfunctionality domainfunctionality forestfunctionality

AdFind V01.42.00cpp Joe Richards (joe@joeware.net) April 2010

Using server: K8R2Dom-DC01.K8R2Dom.loc:389
Directory: Windows Server 2008 R2

dn:
>domainFunctionality: 4 [Windows Server 2008 R2 Domain Mode]
>forestFunctionality: 4 [Windows Server 2008 R2 Forest Mode]
>domainControllerFunctionality: 4 [Windows Server 2008 R2 Mode]

1 Objects returned

 

   joe
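An added example (not part of the original post and not joeware code): a Python audit helper that parses the RootDSE lines AdFind prints and reports which of the features listed above the domain and forest levels unlock. The names `parse_levels`, `audit` and `GATES` are hypothetical, the sample text is constructed from Ex 1, and the two consistency checks assume the usual rule that FFL cannot exceed DFL and DFL cannot exceed the DC's own level.

```python
import re

# Constructed sample: the RootDSE lines from "Ex 1", as AdFind prints them.
SAMPLE = """\
dn:
>domainFunctionality: 2 [Windows Server 2003 Domain Mode]
>forestFunctionality: 2 [Windows Server 2003 Forest Mode]
>domainControllerFunctionality: 2 [Windows Server 2003 Mode]
"""

# Feature gates named in the post: (RootDSE attribute, minimum level, feature).
GATES = [
    ("domainfunctionality", 2, "lastLogonTimeStamp attribute"),
    ("forestfunctionality", 2, "Linked Value Replication (LVR)"),
    ("domainfunctionality", 3, "Fine Grained Password Policy"),
    ("forestfunctionality", 4, "AD Recycle Bin can be enabled"),
]
REQUIRED = ("domainfunctionality", "forestfunctionality",
            "domaincontrollerfunctionality")
LINE = re.compile(r"^>(\w+Functionality):\s*(\d+)\b", re.IGNORECASE)

def parse_levels(text):
    """Return {lower-cased attribute name: int level} from AdFind output."""
    levels = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            levels[m.group(1).lower()] = int(m.group(2))
    return levels

def audit(text):
    """Return (available, unavailable, warnings) for one DC's RootDSE output."""
    lv = parse_levels(text)
    absent = [a for a in REQUIRED if a not in lv]
    if absent:  # partial output must not be read as "level 0"
        raise ValueError("missing RootDSE attributes: " + ", ".join(absent))
    available, unavailable = [], []
    for attr, minimum, feature in GATES:
        (available if lv[attr] >= minimum else unavailable).append(feature)
    warnings = []
    if lv["forestfunctionality"] > lv["domainfunctionality"]:
        warnings.append("FFL above DFL: output is inconsistent")
    if lv["domainfunctionality"] > lv["domaincontrollerfunctionality"]:
        warnings.append("DFL above DC level: output is inconsistent")
    return available, unavailable, warnings

if __name__ == "__main__":
    ok, missing, warn = audit(SAMPLE)
    print("available:  ", ok)
    print("unavailable:", missing)
    print("warnings:   ", warn)
```

Feeding it the Ex 2 lines (all three attributes at 4) moves every listed feature into the available list.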

6/22/2006

20 yards of dirt later…

by @ 12:00 am. Filed under house stuff

So the 10 yards of dirt I had previously gotten turned into 20 yards of dirt and when it was all said and done I probably could have used yet another 20 yards. After using shovels and wheelbarrows for a couple of yards I said this isn’t going to work and ran down and rented a SkidSteer (also known as a skidloader or BobCat if you prefer – basically a mini-tractor with a front bucket).

Obviously that made the job much easier and so I ordered the second 10 yards and had everything done in one day. The dirt was used to level out a lot of low spots in the yard and to make a stone walled wildflower garden which should be very very cool. It all turned out pretty good but now after several days of serious rain I am wondering how much grass seed is still out in the dirt… I may be reseeding. I am expecting to see areas with A LOT of grass and other bald areas. 🙂
