How to lower ActiveDirectory functional levels

Toru Nakanishi 0 Reputation points
2024-12-20T06:42:00.91+00:00

Hello!

I run 2 AD servers with Windows Server 2016 ,and have a forest composed of these 2 servers.

The domain and forest functional levels are 2012 now, and I want to rise them to 2016.

Just in case,I made backups of ver.2012 and then increased the functional levels.

The levels increase successfully.

Then, I try to roll back by restoring with the backups.But the domain and forest levels don't go back to 2012.

I want to know why the levels don't go back.

(I know I can decrease the levels by PowerShell Command ,but I just want to know the way by using backups)

I refer to this page: https://learn.microsoft.com/en-gb/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-faq

Thank you.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,478 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,764 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Daisy Zhou 26,871 Reputation points Microsoft Vendor
    2024-12-20T13:43:53.9466667+00:00

    Hello

    Thank you for posting in Q&A forum.

    Based on my knowledge, we can raise or lower functional level using PS command or GUI.

    User's image

    Rolling back domain and forest functional levels by restoring from backups is not a straightforward process because Active Directory functional level changes are strictly monitored and recorded. Here are several reasons why your attempt to roll back the functional levels using backups didn't work:

    1. Replication Across Domain Controllers:

    When you change the functional level of a domain or forest, this change is replicated across all domain controllers in the forest. Simply restoring one or both domain controllers from a backup does not reverse the change because other domain controllers in the environment will still recognize the higher functional level and replicate that change back to the restored domain controllers.

    1. Backup Consistency:

    Restoring from backups might not handle all the necessary nuances involved in reversing functional level changes. Active Directory keeps track of these changes through certain attributes and metadata, which aren't adequately undone just by restoring backups.

    1. Non-Reversibility of Functional Levels:

    In general, once you raise the functional level of a domain or forest, there is no direct possibility to lower it back via native administrative tools or backups. This is a design feature to prevent potential issues and inconsistencies within the Active Directory environment.

    1. Object and Attribute Changes:

    Raising functional levels may introduce new features, objects, and attributes that are not present in the previous functional level, and simply restoring from backup does not account for these schema changes.

    If you need to revert the functional level for testing purposes or due to specific needs, the most reliable way is to follow the correct procedures, which typically involve careful use of PowerShell commands or other GUI.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.