Exchange Server 2007 and Domain Functional Level issues
Hi All, I am implementing an Exchange Server 2007 to a company that has the following setup of Active Directory: HO Site = 2 DCs (Parent/Root Domain) 50 Branch Site = 1 DC per Branch (Child Domain) Domain Functional Level = Windows 2000 Mixed Mode Forest Domain Functional Level = Windows 2000 Mixed When I install(HO Site) Exchange Server 2007 during the Organization Pre-req, i found out that the current AD/DC has DFL Windows 2000 Mixed Mode. Raising these Domain Functional Level into atleast Windows 2000 Native Mode is quite challenging tasks. Before raising the DFLs, i tested it in Test Lab to ensure what are the issues we might encounter, and it seems to be smooth. When i raised the DFL of Child Domain in the branch i encountered the following "Error: Unable to logon due to account restriction " or "Error: Unable to logon,make sure your username and password is correct ", right after i restarted the server and this is also the error that is encountered by the users(workstations). I've done some workaround that i get in forums, it says that its "Blank Passwords", or DNS issues, sometimes it work and sometime it's not. What i want to know is that why is it appears only after i raised the DFL?Is there any work around to prevent it? Hope you guys have some ideas on this. Thanks a lot. LRMCP
April 16th, 2009 2:51pm

Hello LRMCPA couple of questions for you:1. Do you have any DCs in the child domain that are still running Windows NT?2. Did you run DCDIAG prior to moving to native mode? I would like to see if there were any existing issues/concerns with the mixed mode environment.3. Can you verify that you followed the steps enclosed in this technet article?http://technet.microsoft.com/en-us/library/cc776703.aspxOok
Free Windows Admin Tool Kit Click here and download it now
April 16th, 2009 5:39pm

Hi! Thanks for the reply. Well, i checked the technet first prior to raising the DFL. There's no DC's in the Forest running NT4, all are running Win2K3. Been hesitant to proceed on raising the DFL of remaining DCs co'z of the error in logon and this may disrupt the operations of the branch. In addition, theres no GPO deployed/configured in the DCs and workstations that might be the causing the said error. Thanks. LRMCP
April 17th, 2009 10:40am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics