Author: Bob Lin

EDIWAX WiFi AP default username and password: admin/1234

default IP: 192.168.2.1.

1. Login domain admin account in one of Domain controllers.
2. Open Active Directory Users and Computers by clicking Start > All Programs > Administrative Tools, and then click Active Directory Users and Computers.
3. Right-click the domain node and then click Raise Domain Functional Level

4. Under Select an available domain functional level, select domain function level.

5. When popup warning message, click Ok.

6. Click OK when you will receive an acknowledgement message telling you that the operation was completed successfully.

7. Go to Active Directory domains and trusts and right click on it. Select Raise Forest Function Level.

To check the domain and forest function level, please refer to this page:

• How to check Domain and Forest function level status

Q: What can be done prior to raise Windows function level?

A: Verify that Active Directory is replicating properly to all DCs. The Domain and Forest Functional Levels are essentially just attributes in Active Directory. The Domain Functional Level for all domains must be properly replicated before you’ll be able to raise the Forest Functional level. This practice also addresses the question of how long one should wait to raise the Forest Functional Level after you’ve raised the Domain Functional Level for all the domains in the forest. Well…what is your end-to-end replication latency? How long does it take a change to replicate to all the DCs in the forest?

Q: Which client and server OS are supported to join Windows domain?

A: Quoted from Microsoft article:

The following Windows client and Windows Server operating systems are supported for domain member computers with domain controllers that run Windows Server 2012 or later:

• Client operating systems: Windows 8.1, Windows 8, Windows 7, Windows Vista
  • Computers that run Windows 8.1 or Windows 8 are also able to join domains that have domain controllers that run earlier version of Windows Server, including Windows Server 2003 or later. In this case however, some Windows 8 features may require additional configuration or may not be available. For more information about those features and other recommendations for managing Windows 8 clients in downlevel domains, see Running Windows 8 member computers in Windows Server 2003 domains.
• Server operating systems: Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003

Q: Our Domain is Windows 2012 R2 wit 2003 function level. If we upgrade to Windows 2012 R2 function level, does that cause any problem on Windows 2008 servers?

A: That should be fine. Quote from Microsoft article:

Windows Server 2012 requires a Windows Server 2003 forest functional level. That is, before you can add a domain controller that runs Windows Server 2012 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher. This means that domain controllers that run Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003 can operate in the same forest, but domain controllers that run Windows 2000 Server are not supported and will block installation of a domain controller that runs Windows Server 2012. If the forest contains domain controllers running Windows Server 2003 or later but the forest functional level is still Windows 2000, the installation is also blocked.

Q: We are small company and running two Windows 2012 r2 as domain controllers. We are planning to use Microsoft cloud services and will sync our active directory to Azure Active directory.

Can we sync our Windows 2012 r2 AD to azure AD 2016?

A: It should work. Azure AD has no versioning and you can sync your 2012 R2 environment.

Q: We are small company and running two Windows 2012 r2 as domain controllers. We are planning to use Microsoft cloud services and will sync our active directory to Azure Active directory.

To answer some questions from the form sent to us, what are the Forest Name, Forest, site. I can search for the concepts, but can someone give me the example or where can I find them?

The article I read are example, forest name=forest.local, domain name is domain.local, Forest=corporate.local, domain=corporate.local, site=datacenter. I assume since we have only one forest and one domain, all forest name, forest, domain name and domain are the same, for example mydomain.com. The site is Default-First-Site-Name? Not sure.

A: Run PowerShell commands:

Get-ADForest

Get-ADDomain

To manage MFA verification settings such as Call phone number, Authentication app, go to this page: https://aka.ms/mfasetup or https://account.activedirectory.windowsazure.com/proofup.aspx?proofup=1

Or follow these steps:

1. Sign in to Office 365 using your password and verification code.
3. Choose Settings > Office 365.
4. Choose Security & Privacy > Additional security verification.
5. Choose Update my phone numbers used for account security. This will display the following page:

Please view this step by step video:

1. Login Microsoft Azure portal using admin account.
2. Go to Azure Active Directory>Users, click Multi-factor authentication.
3. Click on service settings. Here you can setup Allow users to create app password to sign in to non-browser apps, trusted ips, verification options, remember MFA.