Can we install 2003 AD services on 2016 OS ?

Our AD domain functional level is still on 2003. Our current Domain Controllers are on either 2003 or 2008R2. We recently have purchased some more new MS server licenses which come with 2016. Question to you, considering our current functional level is still on 2003, can we add 2016 server to be our domain controller and hope it will work well with other 2003/2008 domain controllers? Is there any compatibility issue for doing that?
CastlewoodAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LearnctxEngineerCommented:
considering our current functional level is still on 2003, can we add 2016 server to be our domain controller and hope it will work well with other 2003/2008 domain controllers?

No you cannot. You will need to demote your 2003/2003 R2 domain controllers. Refer to the Microsoft documentation around Server 2016 an DFL/FFL. Server 2016 will support 2003 DFL/FFL, but you must remove the 2003 DC's as per the documentation.

For customers who need additional time to evaluate moving their DFL & FFL from 2003, the 2003 DFL and FFL will continue to be supported with Windows 10 and Windows Server 2016 provided all domain controllers in the domain and forest are either on Windows Server 2008, 2008R2, 2012, 2012R2, or 2016.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cliff GaliherCommented:
2003 is officially very out of support so any scenario is unsupported. With that said, I can say from experience that, for the moment, you can have 2016 member servers in a 2003 domain.  However those 2003 domain controllers don't support moderm crypto standards so you get a *lot* of noise in the event logs and not all apps that require strong authentication will work.

Please please *PLEASE* retire those 2003 domain controllers.  There is no justifiable explanation for keeping 2003 domain controllers, long out of support and with known security flaws, in production.
Tom CieslikIT EngineerCommented:
If you have 2008 DC just rise functionatility level to 2008, then demote 2003, install new 2016 server and rise funtionality level to maximum possible.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Cliff GaliherCommented:
"just rise functionatility level to 2008, then demote 2003"

Cant do it in that order.  Gotta demote before you raise functional levels.  Functional levels have to be as low as or lower than the LOWEST domain controller.
LearnctxEngineerCommented:
you can have 2016 member servers in a 2003 domain

I must have misread the original question. I thought he meant a 2016 DC.
Seth SimmonsSr. Systems AdministratorCommented:
just to provide more documentation on the matter which should answer everything including previous comments...

Forest and Domain Functional Levels
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels
PberSolutions ArchitectCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- Learnctx (https:#a42409806)
-- Cliff Galiher (https:#a42409822)
-- Seth Simmons (https:#a42410773)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Pber
Experts-Exchange Cleanup Volunteer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.