I'm finding conflicting information about adding a new DC running Windows Server 2016 to an existing domain running Windows 2003 DC with Forest Function Level and Domain Function Level set to Windows Server 2003. I have found two Microsoft KBs that appear to suggest the exact opposite. Anyone know the real answer? Thanks for any input.
1st KB supports Windows Server 2016 with 2003 FFL and DFL:
"Windows Server 2016 requires a Windows Server 2003 forest functional level. That is, before you can add a domain controller that runs Windows Server 2016 to an existing Active Directory forest, the forest functional level must be Windows Server 2003 or higher. If the forest contains domain controllers running Windows Server 2003 or later but the forest functional level is still Windows 2000, the installation is also blocked."
2nd KB blocks Windows Server 2016 with 2003 FFL and DFL:
Supported Domain Controller Operating System:
You can add a Windows Server 2016 DC to a 2003 network. That is what I do in the migration guide for SBS 2003 to 2016. For Windows Server 2019 it is different because that requires a minimum functional level of 2008.
Thanks. The 2016 DC deployment worked perfectly.
Mariette, I did notice one odd thing following the addition of the new Server 2016 DC. In DNS, I'm missing _msdcs under mydomain.local. However, when I run DCDIAG /test:DNS /DNSALL /e /v on my new Server 2016 DC, I get no errors and Summary results for DNS are all PASS in the results box at the bottom of the results.
Can this DNS hive be manually created? Or will restarting the Netlogon service rebuild what is missing?
Try this from an elevated PowerShell prompt on the new server:
Restart-Service dns -Force
Restart-Service netlogon -Force
I ran the commands, but the _msdcs.wellspring.local hive was not created. dcdiag /fix ran without errors, however. And I ran another DCDIAG /test:DNS /DNSALL /e /v test, and all looks good at the bottom, with the DNS results all PASS.
For the NIC, I have pointed the primary DNS to the IP address of my main DC that holds all FSMO roles. The 2nd DNS entry on the NIC points to the loopback of 127.0.0.1. The main DC is an older physical Dell server running Windows 2003 Server R2 and it'll be retired soon. I'm planning to transfer all of the FSMO roles to the new DC running Windows 2016 Server, which is a VM in my VMware setup.
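One way to check the situation described in this thread (DCDIAG passes but no _msdcs zone is visible), as an added example that is not part of any poster's reply: it asks the local DNS server for the DC locator SRV records and then reports whether they sit in a separate _msdcs zone or inside the parent domain zone. The domain name is a placeholder, and the script assumes it is run elevated on the new DC with the DNS Server role and its PowerShell module installed.

```powershell
# Added example, not from the thread. Placeholder values are marked.
$Domain = 'mydomain.local'     # placeholder: the AD DNS domain name
$NewDc  = $env:COMPUTERNAME    # the DC this script is run on

# SRV records that Netlogon registers for every domain controller.
$names = "_ldap._tcp.dc._msdcs.$Domain",
         "_kerberos._tcp.dc._msdcs.$Domain"

foreach ($n in $names) {
    # Query the local DNS service directly, not the NIC's primary resolver.
    $srv = Resolve-DnsName -Name $n -Type SRV -Server 127.0.0.1 -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) { Write-Warning "No SRV answer for $n"; continue }

    $targets = $srv.NameTarget | Sort-Object -Unique
    [pscustomobject]@{
        Record      = $n
        Targets     = $targets -join ', '
        NewDcListed = [bool]($targets | Where-Object { $_ -like "$NewDc.*" })
    }
}

# Where does this server hold the records: a separate zone, or the parent zone?
$zone = Get-DnsServerZone -Name "_msdcs.$Domain" -ErrorAction SilentlyContinue
if ($zone) {
    "Separate zone found: $($zone.ZoneName) (AD-integrated: $($zone.IsDsIntegrated))"
} else {
    $inParent = Get-DnsServerResourceRecord -ZoneName $Domain `
                    -Name '_ldap._tcp.dc._msdcs' -RRType Srv -ErrorAction SilentlyContinue
    if ($inParent) {
        "No separate _msdcs zone; $(@($inParent).Count) SRV record(s) are stored inside the $Domain zone."
    } else {
        Write-Warning "No _msdcs zone and no _msdcs SRV records in the $Domain zone on this server."
    }
}
```

If `NewDcListed` is `True` for both records, clients can locate the new DC through this DNS server regardless of how the _msdcs records are laid out in the DNS console.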