none
Risks in leaving Domain functional level at Windows server 2k3, when Schema level is at 2k8 R2

    Question

  • Hi all,

    I am building a risk log and we have an area where we are running a windows Domain running at 2k3 domain functional level, with a 2k8 R2 Schema. Can anybody identify what the risks are in doing this if any..

    Friday, April 21, 2017 9:24 AM

All replies

  • Hi

     Point is if you don't raise functional level,you don't Take advantage of Server 2008 r2 functional level feautures,like AD recycle bin,MSA (managed service accounts.),FGPP (fine grained password policy),etc..

     So for AD security that's a Complex structure for secure.Like network topology,AD security rules,password policies,permissions,DB security,etc..But there isn't any known issue related to leave functional level 2003 on server 2008 r2 schema.

     But as you known also,server 2003 is out of support.


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Friday, April 21, 2017 9:40 AM
  • Simply that you cannot take advantage of functionalities requiring higher DFL or FFL. Some software may also require a minimum of DFL and FFL which may require you to update them. So, the risk depends of what you are planning to achieve and software you are planning to integrate. If you don't have DCs running Windows Server 2003 then simply upgrade your DFL and FFL.

    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Sunday, April 23, 2017 12:18 AM
  • Hi,
    As others said, some new features would be not available, including the followings based on my knowledges
    SYSVOL Distributed File System (DFS) replication support
    Advanced Encryption Services (AES 128 and 256) support for the Kerberos protocol
    Last Interactive Logon Information
    Fine-Grained Password Policies
    It might be the “risks” which you metioned.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, April 24, 2017 7:36 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Saturday, April 29, 2017 10:46 AM
    Moderator