We are in the process of replacing all of our Windows 2003 domain controllers with Windows 2008 R2 domain controllers. Once completed, we would like to then raise the domain functional level (of our forest and the domains) from 2003 mixed mode to 2008 native mode.
Our Exchange environment is already on 2010. We have a number of other member servers still running Windows 2003. We also have some Intranet servers and other .NET/IIS applications that use AD for authentication. Finally, our public-facing web servers use the IIS shared config feature and pull configurations from a NAS appliance, again using AD for authentication.
My question is as follows: are there any known issues or risks to be aware of with our servers, particularly the public-facing web servers, if/when we raise the Forest/Domain levels to 2008 native mode?
Thank you.
Best Answer
The primary issues that we have dealt with in our (very) large distributed environment deploying 2008 DCs and preparing to go to 2008 R2 forest functional level mostly had to do with changes to Server 2008 itself. This TechNet page is a good place to start.
Our biggest issue was with older NAS devices and in-house apps. It's discussed briefly in the article I linked.
Making these changes has some significant security trade-offs, so it's probably best to remediate where you can.
Also, if you have a fairly complex network design, the changes to the RPC dynamic ports used by 2008 may cause you some grief, but that is mostly fixed with updated firewall rules.
There seems to be some debate as to whether Exchange 2003 SP2 is really supported in a 2008 R2 forest, but according to Microsoft's Exchange Server Supportability Matrix it is. I'm not really an Exchange guy, so I can't help you much there, but my Exchange guys are asking us to wait until they can deploy Exchange 2010 to avoid any potential issues.
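As an added example (not part of the original answer), the RPC dynamic port point can be checked offline by auditing firewall allow rules for gaps in the dynamic range that Server 2008 uses by default. The two port ranges are Microsoft's documented defaults rather than values from this page, and the rule format and rule names are constructed for illustration.

```python
# Added example. Default RPC dynamic port ranges per Microsoft documentation:
#   Windows Server 2003 and earlier: 1025-5000
#   Windows Vista / Server 2008 and later: 49152-65535
MODERN_DYNAMIC = (49152, 65535)

def parse_ports(spec):
    """Parse '135,1025-5000' into a sorted list of merged (low, high) tuples."""
    ranges = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        low, _, high = part.partition("-")
        lo, hi = int(low), int(high or low)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((lo, hi))
    ranges.sort()
    merged = []
    for lo, hi in ranges:
        # Merge overlapping or adjacent ranges so gap detection sees one span.
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def uncovered(allowed, target):
    """Return the parts of `target` not permitted by the merged `allowed` ranges."""
    gaps, cursor = [], target[0]
    for lo, hi in allowed:
        if hi < cursor:
            continue          # range ends before the part we still need
        if lo > target[1]:
            break             # range starts past the target; nothing more to cover
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = hi + 1
    if cursor <= target[1]:
        gaps.append((cursor, target[1]))
    return gaps

def audit(rules):
    """Map rule name -> blocked parts of the 2008 dynamic range (TCP rules only)."""
    return {name: uncovered(parse_ports(ports), MODERN_DYNAMIC)
            for name, proto, ports in rules if proto == "tcp"}

# Constructed sample rules: (name, protocol, allowed destination ports toward the DCs).
SAMPLE_RULES = [
    ("web-dmz-to-dc", "tcp", "88,135,389,445,1025-5000"),    # legacy range only
    ("intranet-to-dc", "tcp", "88,135,389,445,49152-65535"),  # updated rule
    ("nas-to-dc", "tcp", "135,445,49152-60000"),              # partially updated
]
```

A rule that still allows only 1025-5000 reports the whole 49152-65535 range as blocked, which is the case that needs an updated firewall rule once the clients are talking to 2008 DCs.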