Windows Server 2008 R2 introduces the ability to revert to an earlier forest or domain functional level. Previous versions of Active Directory did not have this ability and raising the forest or domain function level was, effectively, a one-way operation. I say “effectively” because it is possible to revert, but only through highly disruptive recovery operations (full forest recovery in the case of a forest functional level upgrade).
I’ve actually not experienced or even heard of anyone having serious problems following a functional level upgrade, but that’s not really the point. Have you ever tried to get approval from a Change Manager when your proposed backout plan involves a full forest outage of 12 hours or more? In providing a mechanism for reversing a functional level upgrade, Microsoft has responded to customer demand for peace of mind, rather than a fix for a known problem.
This article shows how to raise the forest functional level and then revert it using Powershell commands. The screenshots shown below are from running the commands in Powershell ISE.
On a Domain Controller, open a Powershell prompt and (assuming you don’t already have it) import the Active Directory Powershell module.
Import-module ActiveDirectory
Show the current Domain Functional Level
get-addomain | format-list domainmode
Show the current Forest Functional Level
get-adforest | format-list forestmode
Set the Forest Functional Level to Windows 2008 R2 (Forest Functional Level 4)
set-adforestmode -identity ad.contoso.com -forestmode windows2008R2forest
Show the current Forest Functional Level
get-adforest | format-list forestmode
Revert the Forest Functional Level to Windows 2008 (Forest Functional Level 3)
set-adforestmode -identity ad.contoso.com -forestmode windows2008forest
Show the current Forest Functional Level
get-adforest | format-list forestmode
You should see that the functional level has reverted successfully.
Note that after raising the functional level certain subsequent operations prevent you from reverting. One of these operations is enabling the AD Recycle Bin, as shown below.
Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target ad.contoso.com
After enabling the AD Recycle Bin you will receive the error below if you try to revert the functional level.
Another limitation is that you can currently only revert from Windows Server 2008 R2 functional level to Windows Server 2008 functional level. In other words, the feature has not be retro-fitted to support earlier functional levels.
As you can see, raising and reverting the functional level is fairly straightforward operation once you have the appropriate Powershell commands. It should give you (and your Change Manager) a degree of comfort when planning your upgrade. 🙂