Upgrade Domain Functional Level From 2008 To 2016

Starting in windows server 2008 r2 however.

Upgrade domain functional level from 2008 to 2016. All default active directory features all features from the windows server 2012r2 domain functional level plus the following features. After you set the domain functional level to a certain value in windows server 2008 r2 you cannot roll back or lower the domain functional level with one exception. In the left navigation pane right click the domain for which you want to raise the functional level and then click raise domain functional level. Windows server 2016 windows server 2012 r2 windows server 2012.

When you raise the domain functional level to windows server 2016 and if the forest functional level is windows server 2012 or lower you. This configuration is also known as smart card required for. The raise domain functional level window appears. Sign in to the domain controller holding the pdc emulator fsmo role.

Windows server 2016 domain functional level features. That is before you can add a domain controller that runs windows server 2016 to an existing active directory forest the forest functional level must be windows server 2003 or higher. Upgrading the pdc of a windows nt 4 0 domain as a child domain in an existing windows server 2003 forest where interim forest functional levels had been configured by using the ldp exe file or the adsiedit msc file permits security groups to use linked value replication after the operating system version upgrade. Open active directory domains and trusts domain msc.

Before you can raise domain and forest functional levels you have to evaluate your current environment and identify the functional level requirement that best meets the needs of your organization. When you raise the domain functional level to windows server 2008 r2 and if the forest functional level is windows server 2008 or lower you have the option of rolling the domain functional level back to windows server 2008. Assess your current environment by identifying the domains in your forest the domain controllers that are located in. Dcs can support automatic rolling of the ntlm and other password based secrets on a user account configured to require pki authentication.

After you set the domain functional level to a certain value you cannot roll back or lower the domain functional level with the following exceptions. The only purpose that having such ability would serve would be so that downlevel dcs could be added to the domain. As has already been shown this is generally a bad idea.