0X00002130

Fixing ERROR_DS_DST_DOMAIN_NOT_NATIVE (0X00002130) in AD migrations

Windows Errors Intermediate 👁 0 views 📅 Jun 10, 2026

This error pops up when you try to move objects to a domain still in mixed mode. Switch the destination domain to native mode, then retry.

You're halfway through an Active Directory migration, moving users or groups between domains, and then this pops up: ERROR_DS_DST_DOMAIN_NOT_NATIVE with code 0x00002130. Frustrating, I know. The fix is straightforward once you understand what's happening.

The Quick Fix: Raise the destination domain to native mode

What's actually happening here is the destination domain is still running in mixed mode — a compatibility mode that allows down-level domain controllers (NT 4.0 or earlier) to co-exist. The migration tool you're using (like ADMT) refuses to proceed because some operations, especially security group transformations, require a native-mode domain.

  1. Open Active Directory Domains and Trusts — on a domain controller in the destination domain, or from any machine with RSAT tools installed and permissions.
  2. Right-click the destination domain (the one you're migrating to) in the left pane, then select Raise Domain Functional Level.
  3. Choose 'Windows Server 2003' or higher. For modern environments (2012 R2, 2016, 2019, 2022), you'll likely pick the highest available. This changes the domain functional level, which effectively puts the domain into native mode.
  4. Click Raise. A warning will appear saying this change is irreversible. That's fine — you can't go back once raised, but you rarely need to.
  5. Wait for replication (or force it with repadmin /syncall). The change needs to propagate to all domain controllers before it's visible.
  6. Retry your migration operation. The error should disappear.
# Verify the current functional level of a domain
Get-ADDomain | Select-Object DomainMode
Note: If you're using ADMT (Active Directory Migration Tool) with SID history, the destination domain must be in native mode. Mixed mode doesn't support SID history at all. So if you get this error during a SID-history migration, that's your clue.

Why this works

The reason step 3 works is tied to how Active Directory handles security group types. In mixed mode, the domain supports both security groups and distribution groups, but it also allows NT 4.0 replication semantics. When you migrate objects between domains — especially groups — the directory service needs to create universal groups or convert group scopes (global to universal), which only works in native mode.

Think of mixed mode as a bridge backward: it sacrifices some modern features (like universal group caching, SID history) to keep old DCs in the picture. Once you raise to native mode, you're saying 'we're done with backward compatibility, give us full AD functionality.' The error code 0x00002130 is literally the OS telling you: I can't do this operation while you're still in bridge mode.

There's no other way around it. You can't skip this step, and you can't modify permissions or use a different tool to bypass it. The domain must be native.

Less common variations of the same issue

  • You're not running a migration — but you get this error anyway. This happens if you try to create a universal group via script or manually in a domain that's still mixed mode. The fix is identical: raise the functional level.
  • Error appears on a child domain, but the parent domain is fine. Each domain in a forest has its own functional level. A child domain can be native while the parent is mixed, or vice versa. Check the destination domain specifically — don't assume it matches the forest level.
  • You see this after a domain controller upgrade. For example, you had a Windows Server 2003 DC in mixed mode, replaced it with a 2016 DC, and now the migration fails. The functional level doesn't automatically raise when you swap hardware — you have to do it manually.
  • Using PowerShell instead of GUI. You can raise the functional level with Set-ADDomainMode -Identity "yourdomain.com" -DomainMode Windows2016Domain. Same logic applies.

Prevention: Plan functional levels ahead of time

Before you start any cross-domain migration, do this:

  1. Document the current functional levels of both source and destination domains. Use nltest /dsregdns or Get-ADDomain.
  2. Raise the destination to native mode before you begin the migration. It's irreversible, but if you're already planning to migrate objects into it, you've already decided that old DCs aren't coming back.
  3. Check forest functional level too. While this specific error targets domain level, a forest in mixed mode can also block certain migration features (like moving objects across domains with SID history).
  4. Test in a staging environment first. Spin up two lab domains, one mixed and one native, and run a test migration. See the error happen, then fix it. That way you know exactly what to do when it's production time.

One last thing: don't confuse mixed mode with domain functional level. Mixed mode is an older term from Windows 2000 days, but functionally it means 'domain functional level is Windows Server 2000 or Windows Server 2003 interim'. Raising to Windows Server 2003 or later effectively puts the domain in native mode. Microsoft removed the term 'mixed mode' from newer documentation, but the error code hasn't changed since Windows 2000. So if you see 0x00002130, you're dealing with a legacy state that needs to get upgraded.

Was this solution helpful?

ERROR_DS_DST_DOMAIN_NOT_NATIVE 0X00002130 Active Directory migration domain native mode mixed mode domain functional level move AD objects Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 ADMT Active Directory Migration Tool