![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 81%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGD%3C/text%3E%3C/svg%3E)
Active Directory
A set of directory-based technologies included in Windows Server.
5,898 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 9%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWL%3C/text%3E%3C/svg%3E)
Hello
Raising the Domain Functional Level (DFL) and Forest Functional Level (FFL) from Windows Server 2008 R2 to Windows Server 2016 is a significant step in an Active Directory modernization project. Here are some key points to consider:
Risks and Issues:
Once the DFL and FFL have been upgraded, new Domain Controllers (DCs) running on downlevel versions of Windows Server cannot be added to the domain or forest.
The problems that might arise when installing downlevel DCs become pronounced with new features that change the way objects are replicated (i.e., Linked Value Replication).
The Windows Server 2008 R2 Domain or Forest Functional level can be lowered to Windows Server 2008, and no lower, if and only if none of the Active Directory features that require a Windows Server 2008 R2 Functional Level has been activated.
Raising the DFL and FFL are one-way operations that cannot be reversed.
Proper Path to Raise DFL and FFL Levels:
Ensure all your domain controllers are running at least Windows Server 2008.
Remove any domain controllers running on an unsupported version of Windows Server.
If you created the domain at a lower functional level, you will need to migrate from using FRS to DFS replication for SYSVOL.
Go to Active Directory Domains and Trusts. In the left pane, right-click on Active Directory Domains and Trusts and select Raise Forest Functional Level.
Select the required functional level, in this case, select Windows Server 2016.
Right-click on the domain name, and select Raise Domain Functional Level.
In the window that opens, select the functional level Windows Server 2016, and click the Raise button.
Functional levels do not affect which operating systems you can run on workstations and member servers that are joined to the domain or forest. So, your existing XP client and Windows 2003 member server will still be able to authenticate.