0X00002179

Fix ERROR_DS_NO_BEHAVIOR_VERSION (0X00002179) on Domain Controllers

Windows Errors Intermediate 👁 1 views 📅 May 27, 2026

Active Directory can't create the domain because the forest or domain functional level isn't set. You'll need to raise it to at least Windows Server 2008.

Quick answer for advanced users: Run adprep /forestprep and adprep /domainprep /gpprep on the Schema Master, then raise the forest functional level to at least Windows Server 2008 using Active Directory Domains and Trusts.

Why You're Seeing 0X00002179

This error pops up when you try to promote a new domain controller (typically running Windows Server 2012 R2 or newer) into an existing forest, but the forest or domain functional level hasn't been set to a version that supports the new server's behavior version. I've seen this most often in shops that migrated from Windows Server 2003 or 2008 and forgot to bump the functional level after decommissioning the old hardware.

The core issue: Active Directory relies on a domain behavior version to decide which features it can turn on. If that value is missing or set way too low (like Windows 2000 native), the new DC doesn't know what to do and throws 0X00002179 during the prerequisite check or at the end of dcpromo. It's a protection mechanism—AD refuses to create a domain that might break replication or feature compatibility.

Step-by-Step Fix

Step 1: Verify Current Functional Levels

Open Active Directory Domains and Trusts (domain.msc). Right-click the forest root and choose Raise Forest Functional Level. If it's greyed out or already at Windows Server 2008 or higher, skip to Step 3. If it shows Windows 2000 or Windows Server 2003, you need to raise it.

Also check the domain functional level—right-click your domain in the same console. Both must be at least Windows Server 2008 for Windows Server 2012 R2 DCs, or Windows Server 2012 R2 for Server 2016/2019/2022 DCs.

Step 2: Run Adprep from the New Server's Installation Media

You need to run adprep from the version of Windows you're adding. For example, if you're adding a Windows Server 2022 DC, run adprep from its \support\adprep folder on the Schema Master. Here's what to do:

  1. Log into the Schema Master (the DC holding the Schema FSMO role).
  2. Insert the new server's ISO or mount the installation files. Navigate to \support\adprep.
  3. Open an elevated command prompt and run: 
    adprep /forestprep
    Confirm the operation when prompted. This updates the forest schema to support the new behavior version.
  4. Then run: 
    adprep /domainprep /gpprep
    This preps the domain and updates Group Policy objects.

Important: If you get an error during adprep, check that you're running it on the Schema Master and that replication is healthy. Use repadmin /showrepl to verify.

Step 3: Raise the Functional Levels

Back in Active Directory Domains and Trusts, right-click the forest root and choose Raise Forest Functional Level. Select the minimum required for your new DC—for Server 2012 R2, pick Windows Server 2008 or higher; for Server 2016+, pick Windows Server 2012 R2. Click Raise.

Repeat for the domain level: right-click your domain, choose Raise Domain Functional Level, and pick the same or higher version. Don't go higher than necessary if you still have older DCs—you can't downgrade without demoting them.

Step 4: Force Replication and Retry Promotion

On the Schema Master, open an elevated PowerShell or command prompt and run:

repadmin /syncall /AdeP

This forces replication to all DCs. Wait 5-10 minutes for changes to propagate, then on the new server, retry the promotion using Server Manager -> Add Roles and Features -> Active Directory Domain Services. The error should be gone.

If the Main Fix Fails

Sometimes raising the functional level isn't enough because the attribute domainBehaviorVersion or msDS-Behavior-Version is corrupt or missing. Here's what else to try:

Check for Domain Controllers Running Older OS Versions

Run this PowerShell command on any DC:

Get-ADDomainController -Filter * | Select-Object Name, OperatingSystem, Site

If you see a DC stuck at Windows Server 2003 or older, demote it first. A DC running an older OS than the functional level will block the raise. I once spent an afternoon tracking down a phantom Server 2003 DC that was offline but still listed in AD—had to use ntdsutil to forcibly remove its metadata.

Use ADSI Edit to Manually Set the Behavior Version

This is risky—only do it if adprep and the GUI both fail. Open ADSI Edit, connect to the Domain partition, navigate to DC=yourdomain,DC=com, right-click it, choose Properties, and find msDS-Behavior-Version. Set it to:

  • 1 for Windows Server 2003
  • 2 for Windows Server 2008
  • 3 for Windows Server 2008 R2
  • 4 for Windows Server 2012
  • 5 for Windows Server 2012 R2
  • 6 for Windows Server 2016
  • 7 for Windows Server 2019
  • 8 for Windows Server 2022

Also check the domainBehaviorVersion attribute on the same object—set it to the same numeric value. Then force replication and retry promotion.

Prevention Tip

Before you demote any old DC, always raise the functional level first. I kept a checklist on my desk: demote, then raise. If you raise before demoting, you'll catch this error before it bites you during the next promotion. Also, after adding a new DC, wait 15 minutes and verify replication before promoting the next one.

Was this solution helpful?

ERROR_DS_NO_BEHAVIOR_VERSION_IN_MIXEDDOMAIN 0X00002179 Active Directory domain creation fails forest functional level error domain functional level missing Windows Server 2008 functional level adprep /forestprep adprep /domainprep mixed domain error SYSVOL replication issue dcpromo fails server 2012 domain controller error Windows Server 2016 functional level active directory domain services fix 0x00002179