rsnellman


Do I go with Server 2016 AD CS or Server 2019 AD CS in my current environment?

Hi, trying to decide on or figure out what version of AD CS (Active Directory Certificate Services) to migrate / upgrade to in my current environment.

Current Environment:

- FFL: 2008 R2  (Will elevate to 2016 after 2008 R2 DC's are removed)
- DFL: 2008 R2  (Will elevate to 2016 after 2008 R2 DC's are removed)

- Windows Server 2016 domain controllers
- Windows Server 2008 R2 domain controllers  (Soon to be decommissioned)

- Windows Server 2008 R2 AD CS

- Exchange Server 2010 (latest patches)  (Soon to be replaced by Exchange 2019)



So, my question is do I stick to Server 2016 AD CS to match my new DC's?  Or do I go to Server 2019 AD CS?

What's MS best practice?

Originally, years ago when I was deploying my Server 2008 R2 DC's, I went with Server 2008 R2 AD CS...mainly because there wasn't another option (it was pre-Server 2012/2012 R2).


Now that I have options, just wondering which route to go.


Thanks in advance.
Alex

Well,

The question isn't why you would go with 2019, it's why wouldn't you? Also, why wouldn't you upgrade your FFL and DFL at the same time?

Realistically, if you don't have any applications which require a specific schema, then upgrade it.

Regards
Alex
rsnellman

ASKER

Thanks Alex.

Well, Exchange 2010 only supports up to 2016, which is why I am upgrading from 2008 R2 to 2016 rather than jumping all the way to 2019 at this time.

And Exchange 2019 only supports down to 2016.


And yes, I do plan to upgrade my FFL & DFL to the same levels once the restrictions/limitations of having 2008 R2 DC's and Exchange 2010 are removed from my environment.
ASKER CERTIFIED SOLUTION
Rodney Barnhardt
This solution is only available to members.
Thanks Rodney.

Good point.  I do recall seeing that when researching my options while implementing new DC's.

As for choosing 2016 DC's to implement over 2019 DC's, it came down to my on-prem Exchange 2010 restrictions and the fact that I planned to replace it with Exchange 2019 soon.  My only "meet me in the middle" option was to go up to 2016 DC's, which is what my current Exchange 2010 supports up to and what Exchange 2019 supports down to.

Or else I would have just jumped to 2019 DC's, etc.


So, back to my original question(s).
SOLUTION
So, my question is do I stick to Server 2016 AD CS to match my new DC's?  Or do I go to Server 2019 AD CS?

Go with 2019 so you don't have to faff about with it later.
Go with 2019 if you have 2019 CALs. Otherwise 2016.
Yes, Exchange 2010 only supports 2016 as far as domain functional level and forest, but the OS of the server can be 2019. I can tell you from experience that we ran our new DC's on Windows Server 2019 with Exchange 2010 still in the environment. We actually had Microsoft on premise for the planning as part of our EA agreement. We installed our first Windows Server 2019 back in April, but did not decommission our Exchange 2010 environment until about a month ago. In fact, in this discussion, someone did the same thing if you scroll down to the most recent comments.

https://techcommunity.microsoft.com/t5/Windows-Server-for-IT-Pro/Exchange-Server-2010-amp-Windows-Server-2019-DCs/m-p/701288
SOLUTION
Thanks for the clarification David and Rodney.

So, if I am using Server 2016 as DC's and will be elevating my FFL & DFL to Server 2016, shouldn't I consider keeping it across the board and use Server 2016 for my AD CS server?


Not sure when I would have time to upgrade/migrate to Server 2019 after this project. It could be another 6 months or 12 months or a few years.  Just unsure at this time.


Thanks again.
SOLUTION
kevinhsieh,
I wasn't sure, since it would be hosting the AD CS server role, whether to just treat it like my typical member servers or whether it requires special considerations due to hosting AD CS.


Thanks.
SOLUTION