How to disable the Windows Firewall with PowerShell in Windows Server 2012/2016/2019? I don't recommend…
Forest and domain functional level compatibility matrix
Functional levels determine the available Active Directory Domain Services (AD DS) domain or forest capabilities. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. However, functional levels do not affect which operating systems you can run on workstations and member servers that are joined to the domain or forest.
Table of contents
Forest functional level matrix
The below table shows the available forest functional levels and which Domain Controller operating systems are supported.
Note: Windows Server 2019 and Windows Server 2022 are available, but there are no new domain functional levels added for those OS versions. Windows Server 2016 is the most recent forest and domain functional level.
Forest functional level | Supported Domain Controller (OS) |
---|---|
Windows 2000 | Windows Server 2008 R2 Windows Server 2008 Windows Server 2003 Windows 2000 |
Windows Server 2003 | Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2 Windows Server 2008 Windows Server 2003 |
Windows Server 2008 | Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2 Windows Server 2008 |
Windows Server 2012 | Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 |
Windows Server 2012 R2 | Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 |
Windows Server 2016 | Windows Server 2022 Windows Server 2019 Windows Server 2016 |
Domain functional level matrix
The below table shows the available domain functional levels and which Domain Controller operating systems are supported.
Note: Windows Server 2019 and Windows Server 2022 are available, but there are no new domain functional levels added for those OS versions. Windows Server 2016 is the most recent forest and domain functional level.
Domain functional level | Supported Domain Controller (OS) |
---|---|
Windows 2000 | Windows Server 2008 R2 Windows Server 2008 Windows Server 2003 Windows 2000 |
Windows Server 2003 | Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2 Windows Server 2008 Windows Server 2003 |
Windows Server 2008 | Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2 Windows Server 2008 |
Windows Server 2012 | Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 |
Windows Server 2012 R2 | Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 |
Windows Server 2016 | Windows Server 2022 Windows Server 2019 Windows Server 2016 |
Raise functional level to highest value examples
Here are a couple of examples that will show how to raise the Active Directory functional levels to the highest value:
Note: You can set the domain functional level to a value higher than the forest functional level, but you cannot set the domain functional level to a value lower than the forest functional level.
Example 1. Raise functional level from Windows Server 2008 to Windows Server 2016:
- Install two new Windows Server 2022 Domain Controllers.
- Demote both Windows Server 2008 Domain Controllers.
- Raise forest and domain functional level to Windows Server 2016 (latest)*
*It’s only possible to raise the forest and domain functional level if the Windows Server 2008 DCs are both demoted.
Example 2. Raise functional level from Windows Server 2012 R2 to Windows Server 2016:
- Install two new Windows Server 2022 Domain Controllers.
- Demote both Windows Server 2012 R2 Domain Controllers.
- Raise forest and domain functional level to Windows Server 2016 (latest)*
*It’s only possible to raise the forest and domain functional level if the Windows Server 2012 R2 DCs are both demoted.
Example 3. Raise functional level from Windows Server 2016 to Windows Server 2022:
It’s impossible to raise the functional level from Windows Server 2016 to Windows Server 2022. That’s because Windows Server 2016 is the most recent forest and domain functional level value you can set.
Windows Server 2019 and Windows Server 2022 are available, but there are no new domain functional levels added for those OS versions. Windows Server 2016 is the most recent forest and domain functional level.
How to check forest and domain functional level
To know which AD forest and domain functional level values are active, read the article Check Active Directory forest and domain functional level.
How to get all Domain Controllers
To get all Domain Controllers and their operating systems, read the article Get all Domain Controllers with PowerShell.
Suppose you have 1x Domain Controller running, and you want to add another Domain Controller to provide fault tolerance, read the article Add Domain Controller to existing domain.
Conclusion
We showed the forest and domain functional level compatibility matrix. The matrix values are the same for the forest and the domain functional level. But it’s good to separate the tables, so you are more focused and aware when looking at them.
Always set the forest and domain functional levels to the highest value that your environment can support. This way, you can use as many AD DS features as possible.
Did you enjoy this article? You may also like Export disabled users from Active Directory. Don’t forget to follow us and share this article.
This Post Has 0 Comments