Issues with a 2016 domain controller in a 2003 Active Directory forest with 2012 R2 DCs

peter siffredi 41 Reputation points
2023-09-26T14:47:07.0633333+00:00

Hi,

We have 2012 R2 Domain controllers which we do not currently patch (no security updates) as we have Windows NT4 and Windows 2000 clients. The security patches will strengthen encryption and break backward compatibility with these operating systems.

We need to introduce new physical DCs due to the current hardware running out of support. Our Active Directory is at a 2008 domain functional level and 2003 forest functional level.

  1. Given the client operating system constraints, can I introduce new 2016 physical domain controllers?

1b. Given we don't patch the current 2012 R2 DCs due to the interoperability with legacy DCs, if we did introduce a 2016 DC, would it cause issues with the legacy clients?

Thanks

PS - I am aware that NT4 and 2000 are very old, we're working through those upgrades.


Accepted answer
  1. Anonymous
    2023-09-26T14:56:33.13+00:00

    The prerequisite before introducing the first 2016 domain controller: domain functional level needs to be 2003 or higher.

    I'd use the dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new 2016, patch it fully, license it, join the existing domain, add Active Directory Domain Services, promote it, also making it a GC (recommended), transfer FSMO roles over (optional), transfer the PDC emulator role (optional), and use the dcdiag / repadmin tools to verify health again. When all is good, you can decommission / demote the old one.

    would it cause issues with the legacy clients?

    I'd recommend a test environment to confirm one way or the other.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.
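
The health check the answer runs before promotion and again before demotion can be scripted as a read-only gate. The script below is an added example, not part of the original answer; it assumes an admin host with the RSAT ActiveDirectory PowerShell module and the dcdiag and repadmin tools installed, and it changes nothing in the directory.

```powershell
# Added example: read-only AD health gate. Run it before promoting the new DC
# and again before demoting the old one. Assumes RSAT (ActiveDirectory module,
# dcdiag, repadmin) on the host where it runs.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Functional levels and current FSMO role holders, recorded so the state
# before and after the optional role transfer can be compared.
[pscustomobject]@{
    ForestMode           = $forest.ForestMode
    DomainMode           = $domain.DomainMode
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# dcdiag /q prints only failures, so any output for a DC is a finding.
$dcdiagFindings = foreach ($dc in Get-ADDomainController -Filter *) {
    $out = dcdiag /s:$($dc.HostName) /q 2>&1
    if ($out) {
        [pscustomobject]@{ DC = $dc.HostName; Output = ($out -join "`n") }
    }
}

# repadmin /showrepl * /csv emits one row per inbound replication link.
# Rows marked showrepl_ERROR are DCs that could not be queried at all.
$replFindings = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
        [int]$_.'Number of Failures' -gt 0
    } |
    Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                  'Number of Failures', 'Last Failure Time', 'Last Failure Status'

# Gate: stop the migration step if either tool reported a problem.
if ($dcdiagFindings -or $replFindings) {
    $dcdiagFindings | Format-List
    $replFindings   | Format-Table -AutoSize
    Write-Warning 'Health check failed: correct the errors above before continuing.'
} else {
    Write-Output 'dcdiag and repadmin report no errors on any domain controller.'
}
```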
