Legacy Server authentication from Windows 2016 DCs

Mahesh Aralelemath 386 Reputation points
2021-03-30T18:05:19.987+00:00

Hi,

We are in the process of upgrading all DCs in the domain to Windows 2016 from Windows 2008R2. We have a few legacy Windows 2003/XP systems in the environment and are just worried about the impact, as SMBv1 is not enabled in Windows 2016 by default and enabling it is not encouraged.

Is there a possibility of defining all Windows 2003/XP to get authenticated from Windows 2008R2 DC only?
As of now we are not seeing issues, since Windows 2008R2 DCs are still available.

Any thoughts on this will be really helpful.

Regards
Mahesh


Accepted answer
  1. Daisy Zhou 18,701 Reputation points Microsoft Vendor
    2021-03-31T07:45:59.187+00:00

    Hello @Mahesh Aralelemath ,

    Thank you for posting here.

    Q: Is there a possibility of defining all Windows 2003/XP to get authenticated from Windows 2008R2 DC only?
    A: Usually, if Windows 2003/XP machines are in the same sites as the Windows 2008R2 DCs, then the Windows 2003/XP machines will find a Windows 2008R2 DC to authenticate first.

    If you have 2008 R2 DCs and 2016 DCs in your domain now, during the downtime, you can try to shut down the 2008 R2 DC and keep the 2016 DCs running if possible, then check if the Windows 2003/XP machines can be authenticated by a 2016 DC without any failure.

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou


5 additional answers

  1. Dave Patrick 426.1K Reputation points MVP
    2021-03-30T18:07:47.71+00:00

    The 2003 / XP members should not be a problem at this point in time, but also note they're no longer supported so things can change. Better to update them to a supported operating system.

    --please don't forget to Accept as answer if the reply is helpful--


  2. Mahesh Aralelemath 386 Reputation points
    2021-03-30T18:24:00.11+00:00

    Hi Patrick,

    Thanks.
    Yes, the upgrade is a definite one, but I wanted to ensure no impact until everything moves to the latest version.

    If I understand correctly, you are saying there shouldn't be any issue for Windows 2003/XP systems to get authenticated from Windows 2016 DCs even though SMB1 in Windows 2016 is not enabled manually?

    I was thinking that, due to SMB1 unavailability, these Windows 2003/XP systems might face login issues, SYSVOL access issues, or Group Policy loading issues.
    Is that not the case, and is there no impact?

    Regards
    Mahesh


  3. Dave Patrick 426.1K Reputation points MVP
    2021-03-30T18:49:50.37+00:00

    You could check it here, and if needed, during the interim SMBv1 can be enabled on Server 2016.
    https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3#smb-v1-on-smb-server-1

    --please don't forget to Accept as answer if the reply is helpful--

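The check suggested in the reply above can be paired with SMB1 access auditing, so the legacy clients that still speak SMB1 to a 2016 DC are identified before any 2008R2 DC is retired. This is an added example, not part of the original thread or of the linked Microsoft article; the helper name `Get-Smb1ClientSummary`, the assumption that event 3000 messages contain a `Client Address:` line, and the sample addresses are all introduced here.

```powershell
# Added example: run in an elevated PowerShell session on a Windows Server 2016 DC.
# Assumption: SMB1 audit events (ID 3000) contain a "Client Address: <addr>" line.

function Get-Smb1ClientSummary {
    # Hypothetical helper: counts SMB1 audit events per client address.
    param([Parameter(Mandatory)][string[]]$Message)
    $Message |
        ForEach-Object { if ($_ -match 'Client Address:\s*(\S+)') { $Matches[1] } } |
        Group-Object |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'Client'; e = { $_.Name } },
                      @{ n = 'Smb1Events'; e = { $_.Count } }
}

# 1. Show the current SMB1 server setting and whether auditing is already on.
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, AuditSmb1Access

# 2. Turn on SMB1 access auditing. This is a separate setting and does not
#    change EnableSMB1Protocol.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# 3. After an observation window, read the audit log and summarise per client.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-SMBServer/Audit'
    Id      = 3000
} -ErrorAction SilentlyContinue   # no matching events is not an error here

if ($events) {
    Get-Smb1ClientSummary -Message $events.Message | Format-Table -AutoSize
} else {
    Write-Output 'No SMB1 audit events recorded in this window.'
}

# Constructed sample messages, to try the parser without a live log.
$sample = @(
    "SMB1 access`n`nClient Address: 10.0.0.21`n"
    "SMB1 access`n`nClient Address: 10.0.0.21`n"
    "SMB1 access`n`nClient Address: 10.0.0.37`n"
)
Get-Smb1ClientSummary -Message $sample | Format-Table -AutoSize
```

The per-client list gives the set of Windows 2003/XP machines to test or upgrade first, and auditing can be switched off again with `-AuditSmb1Access $false` once the legacy systems are gone.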

  4. Mahesh Aralelemath 386 Reputation points
    2021-04-02T16:46:45.527+00:00

    Hi Daisy,

    Thanks for the details.
    We are checking this, but it is a bit difficult in a production environment as we need to plan this and observe.
    In case these legacy clients are reaching Windows 2016 DCs and failing for GPO, SYSVOL or anything else, we wanted to have an alternate plan in hand.

    Is there anything we can do for these legacy clients to reach only legacy DCs for authentication?
    I remember we used to hard-code the DC name in the LMHOSTS file during the NT days. Is anything like that still possible?

    Regards
    Mahesh
