Forum Discussion
Ted_Mittelstaedt
May 09, 2022
Brass Contributor
Any potential problems with mixed OS versions for Active Directory PDC?
Hi All, Just wanted to get people's opinions on the following: I have a customer with multiple sites, and 3 domain controllers. They also have a Microsoft volume license account so licensing...
May 09, 2022
You can mix different versions of operating systems across the Domain Controllers; the only important thing is the Domain and Forest functional level. See this article about supported operating systems when running a 2008 level domain/forest: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels#windows-server-2008-functional-levels. Things start to change at the 2016 level because of the DFS-R requirement: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels#windows-server-2016-functional-levels
b-art
Apr 28, 2023
Copper Contributor
Harm_Veenstra That is not all.
Standard in Windows is that if an AD server is on the newest (younger than the youngest) OS, all traffic with authentication will go that way.
So best practice: AD servers should always be installed as a single service on a server.
(Do not combine it with anything else.)
Second, be aware that when using multiple domains, this can become an issue when communication between DC servers goes over a firewall!
So if you install a new AD server, always check network traffic first!
And replace all AD servers, beginning with the Primary AD, as soon as possible.
Always install the latest OS with the compatible latest AD.
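To see where a mixed-version domain stands on the points raised in this thread (functional levels, which DC holds the PDC emulator role, and the SYSVOL replication engine), the following inventory is an added example and not part of any post above. It assumes the ActiveDirectory RSAT module is installed and that `dfsrmig.exe` is available on the machine it runs on (it ships on domain controllers).

```powershell
# Added example: read-only inventory of DC operating systems and functional levels.
# Assumes the ActiveDirectory module (RSAT) and an account with directory read access.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest

# One row per domain controller, flagging the PDC emulator role holder.
$dcs = Get-ADDomainController -Filter * | ForEach-Object {
    [pscustomobject]@{
        HostName      = $_.HostName
        Site          = $_.Site
        OS            = $_.OperatingSystem
        OSVersion     = $_.OperatingSystemVersion
        IsPdcEmulator = ($_.HostName -eq $domain.PDCEmulator)
        IsReadOnly    = $_.IsReadOnly
    }
}

# Functional levels decide which DC operating systems can coexist,
# so report them next to the number of distinct OS versions in use.
[pscustomobject]@{
    Domain          = $domain.DNSRoot
    DomainMode      = $domain.DomainMode
    ForestMode      = $forest.ForestMode
    PdcEmulator     = $domain.PDCEmulator
    DistinctDcOsCnt = @($dcs.OS | Sort-Object -Unique).Count
} | Format-List

$dcs | Sort-Object OSVersion | Format-Table -AutoSize

# Group DCs by OS so the oldest hosts (first candidates for replacement) stand out.
$dcs | Group-Object OS | Sort-Object Name |
    Select-Object @{ Name = 'OperatingSystem'; Expression = { $_.Name } }, Count,
                  @{ Name = 'Hosts'; Expression = { $_.Group.HostName -join ', ' } } |
    Format-Table -AutoSize

# SYSVOL replication engine: shows whether the domain has migrated from FRS to DFS-R.
dfsrmig /getglobalstate
```

Run it before introducing a DC on a newer OS, and again afterwards to confirm the role holder and levels are what you expect.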