Upgrading domain controllers - compatibility

Question

I am trying to track down official documentation for domain controller compatibility. We are behind the ball and still have some 2008R2 DC's, I want to make sure that i can go to 2019 both with just the OS compatibility and also the functional level upgrade, what are the oldest client OS for workstations and servers that each functional level can support. We have some applications that vendors are still requiring older OS's so I need to make sure i don't end up kicking anything off the domain as we upgrade.

I have been trying to find a document that shows each functional level with the oldest OS each one supports but my searches have not tracked something down yet.

Answer 1

The two prerequisites to introducing the first 2019 domain controller are that domain functional level needs to be 2008 or higher
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels

and older sysvol FRS replication needs to have been migrated to DFSR
https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting. Then stand up the new 2019, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one and move on to next one.

Any currently supported operating systems for member servers and desktops are fine to use.

--please don't forget to Accept as answer if the reply is helpful--

Answer 2

Hi @Thomas Szilagyi

I believe the documents you are looking for are these ones:

1. Forest and Domain Functional Levels: As you can see there is no new Windows Server 2019 Functional level
2. Identifying Your Functional Level Upgrade

--I hope this helps. Please Accept it as an answer and "Up-Vote" the answer or message(s) that helped you so that it can help others in the community looking for help on similar topics

Regards,
Didier3001

Answer 3

Unfortunately we still have some OS's that are not on the current supported still in the wild, both workstation and servers. We are still trying to get them upgraded but its still taking time.

Yes I am aware that it is a security issue as they will not get patches.

We go back as far as Windows 7 for desktops and Server 2008 and 2008R2 for servers.

with that said, can we still use 2019 as a domain controller OS or would we have to stop at say 2016. Also what would be the highest domain functional level i could go to until we get these older systems upgraded or off the domain.

Answer 4

It should be fine to use these OSs but may be riskier going forward if extended updates have not been applied.
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/archived-how-to-get-extended-security-updates-for-eligible/ba-p/917807

The highest DFL for 2019 is also 2016. No new functional level features for Server 2019
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels#windows-server-2019

--please don't forget to Accept as answer if the reply is helpful--

Answer 5

Hi @ThomasSzilagyi-1653

Let's go back one step to avoid confusion. There is a big difference between:
Having a Server 2016 as a DC

and

Having a Server 2016 as a DC and have your Domain Functional level to 2016

So what is your Forest and Domain Functional level?