Set the domain functional level for an AD domain.

      Set-ADDomainMode [-Identity] ADDomain
         [-DomainMode] {Windows2000Domain | Windows2003InterimDomain | Windows2003Domain |
                        Windows2008Domain | Windows2008R2Domain | UnknownDomain}
            [-AuthType {Negotiate | Basic}] [-Credential PSCredential] [-PassThru]
               [-Server string] [-Confirm] [-WhatIf] [CommonParameters]

   -AuthType {Negotiate | Basic}
       The authentication method to use:
          Negotiate or 0
          Basic or 1
       A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.

   -Credential PSCredential
       A user account that has permission to perform this action.
       The default is the current user unless the cmdlet is run from an AD PowerShell provider drive
       in which case the account associated with the drive is the default.

       "User64" or "Domain01\User64" or a PSCredential object.

   -DomainMode ADDomainMode
       The domain mode for an AD domain.
          Windows2000Domain or 0
          Windows2003InterimDomain or 1 
          Windows2003Domain or 2
          Windows2008Domain or 3
          Windows2008R2Domain or 4

   -Identity ADDomain
       An AD domain object:

          Distinguished Name
            Example: DC=strasbourg,DC=corp,DC=SS64,DC=com 
          GUID (objectGUID)
            Example: 90886fbf-2779-48cd-b020-0aa9c94d5c90
          Security Identifier (objectSid)
            Example: S-1-5-21-3465297858-302567370-
          DNS domain name
          NetBIOS domain name
            Example: strasbourg

       The identifier in parentheses is the LDAP display name for the attribute.

       The cmdlet searches the default naming context or partition to find the object.
       If the identifier given is a DN, the partition to search will be computed from that DN.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       This parameter can also accept an object through the pipeline.
   -Server string
       The AD Domain Services instance to connect to, this may be a Fully qualified domain name,
       NetBIOS name, Fully qualified directory server name (with or without port number) or AD Snapshot instance.

       Examples:  demo

       Returns the new or modified object.
       By default (i.e. if -PassThru is not specified), this cmdlet does not generate any output.

       Prompt for confirmation before executing the command.

       Describe what would happen if you executed the command, without actually executing the command.

       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
       -OutBuffer -OutVariable.

Set-ADDomainMode sets the domain mode for a domain. Specify the domain mode by setting the -DomainMode parameter.

You can change the domain mode to a mode with higher functionality only. For example, if the domain mode is 'Windows 2003', you can increase the mode to 'Windows 2008'.

The -Identity parameter specifies the AD domain to modify. Identify a domain by its distinguished name (DN), GUID, security identifier (SID), DNS domain name, or NetBIOS name. Alternatively set the -Identity parameter to a domain object variable or through the pipeline. e.g. from Get-ADDomain

Set-ADDomainMode will prompt for permission unless -confirm:$false is specified.


Set the DomainMode property of the domain:

PS C:\> Set-ADDomainMode -Identity -DomainMode Windows2008R2Domain

Set the DomainMode of the current logged on user's domain to Windows2008R2Domain:

PS C:\> $pdc = Get-ADDomainController -Discover -Service PrimaryDC
PS C:\> Set-ADDomainMode -Identity $pdc.Domain -Server $pdc.HostName[0] -DomainMode Windows2008R2Domain

“The people and circumstances around me do not make me what I am, they reveal who I am” ~ Dr. Laura Schlessinger


Get-adDomain - Get an AD domain.
Set-adForestMode - Set the forest mode for an AD forest

Copyright © 1999-2017
Some rights reserved