You receive a "SV_PROBLEM_WILL_NOT_PERFORM" error message when you try to raise the domain functional level to Windows Server 2003 on a domain controller that is running Windows Server 2003 Service Pack 1 (895139)


The information in this article applies to:

  • Microsoft Windows Server 2003 SP1, when used with:
    • Microsoft Windows Server 2003, Standard Edition
    • Microsoft Windows Server 2003, Enterprise Edition
    • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition

SYMPTOMS

Consider the following scenario:
  • On a domain controller that is running Microsoft Windows Server 2003 with Service Pack 1 (SP1), you try to raise the domain functional level to Windows Server 2003 by using one of the following methods:
    • You modify the value of the msDS-Behavior-Version attribute on the domainDNS object.
    • You use the Ldp.exe utility or the Adsiedit.msc utility.
  • The domain is not in native mode when you try to raise the domain functional level to Windows Server 2003.
In this scenario, the operation fails, and you receive the following error messages:
SV_PROBLEM_WILL_NOT_PERFORM
ERROR_DS_ILLEGAL_MOD_OPERATION
Additionally, you receive the following message in the Directory Services event log: Active Directory could not update the functional level of the following domain because the domain is mixed mode.

CAUSE

The Schema Admins and Enterprise Admins security groups are not configured to use the universal group scope even though the forest functional level is set to Windows Server 2003.

Note The forest functional level is set to Windows Server 2003 when the value of the msDS-Behavior-Version attribute is set to 2.

RESOLUTION

To resolve this problem, a domain administrator can change the domain mode to native mode by using one of the following tools:
  • The Active Directory Users and Computers snap-in
  • The Active Directory Domains and Trusts snap-in
A domain administrator can also programmatically change the value of the ntMixedDomain attribute on the domainDNS object to 0.

To verify that the domain mode has been changed to native mode, determine whether the following event has been logged in the System event log: Event Type: Information
Event Source: SAM
Event ID: 16408
Description: "Domain operation mode has been changed to Native Mode. The change cannot be reversed."

MORE INFORMATION

When you use the Windows Server 2003 administration tools to raise the domain functional level, the ntMixedDomain attribute and the msDS-Behavior-Version attribute are modified in the correct order. However, if you manually or programmatically set the msDS-Behavior-Version attribute to 2 and then raise the forest functional level to Windows Server 2003, the following events occur:
  • The ntMixedDomain attribute is set to 0.
  • The scope for the Schema Admins and Enterprise Admins groups is not changed to universal as you expect.
Domain controllers that are running Windows Server 2003 Service Pack 1 block the transition to a forest functional level until the following conditions are true:
  • The domain is in native mode.
  • The required change in security group scopes is configured in all domains.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

322692 How to raise domain and forest functional levels in Windows Server 2003

Modification Type:MinorLast Reviewed:10/26/2005
Keywords:kbtshoot kbprb kbinfo KB895139 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.