# --------------------------------------------------------------------------------------------------- # # Microsoft PowerShell Source File # NAME: RaiseFunc.ps1 # # AUTHOR: Adam Bell, www.leadfollowmove.com # DATE : 04/01/2007 # # COMMENT: Best viewed in Notepad2 # Sample code only. Educational purposes only. # # --------------------------------------------------------------------------------------------------- Set-Variable -name DS_BEHAVIOR_WIN2000 -value 0 -option constant Set-Variable -name DS_BEHAVIOR_WIN2003 -value 2 -option constant $root = [adsi]"" # --------------------------------------------------------------------------------------------------- function RaiseFunctionality # --------------------------------------------------------------------------------------------------- { # Inputs: 1) Domain Object # 2) variable stating desired Functionality level to raise to # Objective: 1) Raise the domain and forest functionality # Returns: 1) nada. Param ( $Domain, $FuncLevel ) # This code is based off the Microsoft KB article #322692, November 18th 2006 # http://support.microsoft.com/?id=322692 # With Server 2003 SP1 it is a requirement that the nTMixedDomain attirbute be set to native # prior to setting the mdDSBehaviorVersion attribute cannot be set beyond Windows 2003 Interim. # This block deals with making the domain Windows 2000 Native $native = $Domain.Get("nTMixedDomain") switch ($native) { 0 { Write-Host "Domain is already Native"} default { $Domain.Put("nTMixedDomain", 0) $Domain.SetInfo() Write-Host "Changed domain from Mixed-Mode to Native" } } # Now we can raise the functionality on the domain to Windows 2003 # This process presumes that only a sinlge domain exists in the forest. # If this is not the case the attribute will need changing on the root # of the NC for each domain. $DomFuncLevel = $Domain."msDS-Behavior-Version" switch ($DomFuncLevel) { $FuncLevel { Write-Host "Domain functionality is already at" (LookupFunc $FuncLevel) } default { $domain.put("msDS-Behavior-Version",$FuncLevel) $domain.SetInfo() Write-Host "Domain functionality raised from" (LookupFunc $DomFuncLevel) "to" (LookupFunc $FuncLevel) } } # Now we can raise the functionality on the Forest to Windows 2003 $Partitions = [adsi]("LDAP://cn=partitions,cn=configuration,"+$domain.distinguishedName) $ForFuncLevel = $Partitions."msDS-Behavior-Version" switch ($ForFuncLevel) { $FuncLevel { Write-Host "Forest functionality is already at" (LookupFunc $FuncLevel) } default { $Partitions.put("msDS-Behavior-Version",$FuncLevel) $Partitions.SetInfo() Write-Host "Forest functionality raised from" (LookupFunc $ForFuncLevel) "to" (LookupFunc $FuncLevel) } } } # --------------------------------------------------------------------------------------------------- function LookupFunc # --------------------------------------------------------------------------------------------------- { # Inputs: 1) Integer identifying the Functionality Level # Objective: 1) Map this to a human understandable value # Returns: 1) The text string appropriate to the func level. Param ( $Func ) switch ($Func) { 0 {"Windows 2000"} 1 {"Windows 2003 Interim"} 2 {"Windows 2003"} } } # --------------------------------------------------------------------------------------------------- # Example calling statement: RaiseFunctionality $root $DS_BEHAVIOR_WIN2003