3.2.19 Example 19: Raise the Domain Functional Level
In this example, an administrator uses LDAP to modify the msDS-Behavior-Version attribute ([MS-ADA2] section 2.246 and [MS-ADTS] section 18.104.22.168.22.214.171.124) to an incremented value in order to raise the domain functional level. To perform this task, an administrator runs a client application on a client computer that targets a directory server in the Active Directory system and raises the domain functional level ([MS-ADTS] section 126.96.36.199).
This example applies only to AD DS.
This example covers the use case in section 188.8.131.52, "Modify Directory Object - Client Application".
The general requirements set forth in section 2.6, "Assumptions and Preconditions", apply.
The Active Directory system meets all preconditions described in section 184.108.40.206.
Initial System State
Final System State
The crossRef object is modified, and the domain functional level is raised.
Sequence of Events
The following sequence diagram shows the message flow that is associated with this example.
Figure 65: Message flow to raise the domain functional level
Unless otherwise noted, all responses that include a return code contain a return code that indicates that the operation was successfully performed.
1. An LDAP search request ([RFC2251] section 4.5.1) is sent to the directory to query the base domain to look for the msDS-Behavior-Version attribute ([MS-ADA2] section 2.207 and [MS-ADTS] section 220.127.116.11.18.104.22.168).
2. The directory server sends an LDAP search response ([RFC2251] section 4.5.2) that contains the current domain functional level value (2, DS_BEHAVIOR_WIN2003, [MS-ADTS] section 22.214.171.124).
3. The user interacts with the client application and provides the name of the domain NC and the new domain functional level (3, DS_BEHAVIOR_WIN2008, [MS-ADTS] section 126.96.36.199).
4. An LDAP modify request ([RFC2251] section 4.6) is sent to the directory server. The LDAP modify operation contains the distinguishedName of the domain along with the msDS-Behavior-Version attribute ([MS-ADA2] section 2.207) as a replace operation with the value of 3.
5. If necessary, the client application reroutes the modify request ([RFC2251] section 4.6) to the PDC FSMO if a referral was returned from the initial modify request. This is because only the PDC FSMO role holder can perform this modification ([MS-ADTS] section 188.8.131.52).
6. The directory server processes the modify request and verifies the processing rules and constraints as described in [MS-ADTS] sections 184.108.40.206.1 and 220.127.116.11.3. It then sends an LDAP modify response ([RFC2251] section 4.6) that indicates success.
7. The client application sends an LDAP unbind request ([RFC2251] section 4.3) to the directory server. The LDAP connection to the directory server is closed.
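The modify request described above can be written out as the BER-encoded LDAPMessage defined in [RFC2251] section 4.6, which is what a protocol parser or audit tool has to recognize when it looks for functional-level changes. The following is an added example, not part of the specification: it encodes the replace of msDS-Behavior-Version with the value 3 and parses the result back. The domain DN DC=example,DC=com and message ID 2 are constructed sample values, and the function names are hypothetical.

```python
# Added example, not from the specification. Sample DN and message ID are constructed.

def ber_len(n):
    if n < 0x80:  # short form
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body  # long form

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(tag, n):  # non-negative INTEGER/ENUMERATED, minimal content octets
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def modify_replace(message_id, dn, attr, value):
    vals = tlv(0x31, tlv(0x04, value.encode()))  # SET OF AttributeValue
    type_vals = tlv(0x30, tlv(0x04, attr.encode()) + vals)
    change = tlv(0x30, ber_int(0x0A, 2) + type_vals)  # operation replace(2)
    req = tlv(0x66, tlv(0x04, dn.encode()) + tlv(0x30, change))  # [APPLICATION 6]
    return tlv(0x30, ber_int(0x02, message_id) + req)  # LDAPMessage

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); reject truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_modify(msg):
    """Return (dn, operation, attribute, value) of a one-change, one-value ModifyRequest."""
    _, body, _ = read_tlv(msg)
    _, _, pos = read_tlv(body)  # skip messageID
    tag, req, _ = read_tlv(body, pos)
    if tag != 0x66:
        raise ValueError("not a ModifyRequest")
    _, dn, pos = read_tlv(req)
    change = read_tlv(read_tlv(req, pos)[1])[1]  # first change in the list
    _, op, pos = read_tlv(change)
    type_vals = read_tlv(change, pos)[1]
    _, attr, pos = read_tlv(type_vals)
    value = read_tlv(read_tlv(type_vals, pos)[1])[1]  # first value in the SET
    return dn.decode(), op[0], attr.decode(), value.decode()

SAMPLE = modify_replace(2, "DC=example,DC=com", "msDS-Behavior-Version", "3")
```

The attribute value travels as the decimal string "3" inside an OCTET STRING, and the operation code 2 is what distinguishes a replace from an add or delete of the same attribute.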