Raising the functional level to Windows 2012 or Windows 2012 R2... Will I break anything?
2/26/2016 Update, cf the I disagree with the PowerShell output section.
In short, yes... Meaning that it is possible that you are facing the same problem as the one described here: FIX: "The requested mode is invalid" error message when you run a managed application that uses the .NET Framework 3.5 SP1 or an earlier version to access a Windows Server 2008 R2 domain or forest but for 2012/2012 R2.
What is happening?
The DLL System.directoryservices.dll has a class called System.DirectoryServices.ActiveDirectory.Domain which has a property called DomainMode which tells you what is the functional level associated to the domain you are instantiating. So if you use a version of the Framework which has been release before Windows 2012/2012R2 has been release, you will face the same problem as you faced in the KB mentioned at the beginning of the article. Simple way to check is to use the "Other version" link of the MSDN article:
Unfortunately, it is not up to date. It tells you only the list of supported DomainMode at the time of the realase of the the selected Framework version. You can still use this good old PowerShell to list what your current system supports:
[System.DirectoryServices.ActiveDirectory.DomainMode] | Get-Member -Static -MemberType Properties | Format-Table Name
Here is the output on my machine:
Name
----
Windows2000MixedDomain
Windows2000NativeDomain
Windows2003Domain
Windows2003InterimDomain
Windows2008Domain
Windows2008R2Domain
Windows2012R2Domain
Windows8Domain
I disagree with the PowerShell output
Well even if you have installed the latest .Net Framework, you might see that the PowerShell output doesn't show all the new fancy functional levels. And it has to do with the fact that PowerShell might not use the latest runtime... Try this:
[Runtime.InteropServices.RuntimeEnvironment]::GetRuntimeDirectory()
It will tell you whether or not you are using the latest runtime. If you don't see the expected value in the PowerShell output, make sure it's not a side effect of using the old runtime... How to change that behavior and makes PowerShell use the latest runtime? You can look at the powershell.exe.config file and modify it accordingly... I don't find official guidance around it, so I'll let you bing the world :)
What are the odds?
In order to face this problem, planets needs to be in a perfect alignment.
- Obviously, you need to have only Windows Server 2012/2012 R2 domain controllers.
- You need also a version of the .Net Framework which is not up to date.
- You need to actually use the class and property mentioned above. It means that even if you use an old version of the Framework, you are affected only if you use this class.
What do I do?
Nothing. Because your release management is impeccable, your Framework is probably already up to date. What if it is not the case? Well, you can update it then. Or ask for an updated version of the application using this class. Or if you are your own developer, manage the exception when using the class with some Try Catch logic.
A bit more info about the KB2260240: Raising the functional level - Are you getting cold feet because of KB2260240?
What are the odds?
Comments
- Anonymous
January 01, 2003
.NET SP2 is also affected by the KB mentioned in this article. So in your case you can update the Framework with this KB or install a more recent version of the Framework (higher than 3.5 sp1).
Note that it is not because your DLL is not updated that your application will crash. Your application needs to call that enumeration to be affected. So a code review might be sufficient if you own or can see the code or contacting the vendor if you cannot. - Anonymous
January 12, 2015
"What if it is not the case? Well, you can update it then".
How do you update it? As a test I've installed 2003 server (we have lots) and updated to .NET 2.0 SP2 and run Windows update. I still don't have the updated DLL. Where do I obtain it? - Anonymous
March 01, 2017
Anyone know of a patch to update .Net 3.5.1 to include 2012R2 in the domain list? Or do we have to actually load .Net 4.5+?The patches I see are all for 3.5 to include 2008R2, which was fine years ago... On 2008R2 servers, you usually have .Net 3.5.1 and want to make it compliant with a 2012R2 domain level.- Anonymous
March 09, 2017
In testing this, I find no evidence that loading a new .Net fixes anything. To get the Powershell test to work, you need to also upgrade WMF to 4.0 to get a domain list that contains 2012R2. This may or may not be what software needs to not fail, but it's hard to run a test that doesn't depend on .Net, but depends on WMF, when that isn't the subject of the issue!
- Anonymous