Forum Discussion
Error adding Windows Server 2025 to an existing domain, functional level 2016
The issue here is most likely not Windows Server 2025 or the 2016 functional level itself.
The main problem is that the environment is using a **single-label domain** (`impresoratec`) instead of a proper FQDN such as `impresoratec.local` or `impresoratec.com`.
Microsoft has discouraged single-label domains for many years because they can cause issues with:
* DNS SRV record resolution
* Domain Controller discovery
* Kerberos authentication
* LDAP
* Modern Windows compatibility
* Hybrid/cloud integrations
* Newer Windows Server versions
Windows Server 2025 is stricter with DNS validation and Active Directory discovery, which is why the domain join may fail even though the existing DCs continue to operate normally.
> `_ldap._tcp.dc._msdcs.impresoratec`
strongly suggests that the new server cannot properly resolve or contact the SRV records for the domain.
A few things to verify:
1. Ensure the new server is using ONLY the internal AD DNS servers.
Do NOT use:
* Public DNS
* Router/firewall DNS
* ISP DNS
```
ipconfig /all
```
2. Verify SRV record resolution:
```
nslookup
set type=SRV
_ldap._tcp.dc._msdcs.impresoratec
```
3. Test LDAP/Kerberos connectivity:
```
Test-NetConnection server-dc01.impresoratec -Port 389
Test-NetConnection server-dc01.impresoratec -Port 88
```
4. Re-register DNS records on the DCs:
```
ipconfig /registerdns
net stop netlogon
net start netlogon
```
5. Verify that the following zone exists and contains valid SRV records:
* `_msdcs.impresoratec`
6. WINS is usually not required anymore in modern AD/DNS environments.
Regarding the AD schema:
* Windows Server 2025 can join a domain running at Windows Server 2016 functional level.
* You do NOT need to extend the schema just to join a member server.
* Schema updates are only required if you plan to promote the server to a Domain Controller.
That said, the biggest long-term concern is still the single-label domain design.
Many administrators have reported similar issues with:
* Windows Server 2022/2025
* Windows 11
* Entra ID Connect
* Certificates
* Modern authentication services
when using single-label domains.
My long-term recommendation would be to plan a migration to a proper FQDN-based Active Directory domain.
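
The checks in steps 1 to 3 of the answer above can be combined into one pre-join script, run on the new server. This is an added example, not part of the original post: `Test-AdJoinReadiness` is a hypothetical function name, and it queries each configured DNS server separately so that a resolver which does not host the AD zone stands out.

```powershell
# Added example: pre-join check combining steps 1-3 of the answer above.
# Test-AdJoinReadiness is a hypothetical helper name, not a built-in cmdlet.
function Test-AdJoinReadiness {
    param(
        [Parameter(Mandatory)][string]$DomainName,  # e.g. 'impresoratec' (from the thread)
        [int[]]$Ports = @(389, 88)                  # LDAP and Kerberos, as in step 3
    )
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"

    # Step 1: collect every DNS server configured on the IPv4 interfaces.
    $dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Select-Object -ExpandProperty ServerAddresses | Sort-Object -Unique

    foreach ($dns in $dnsServers) {
        # Step 2: ask this resolver directly for the DC locator SRV records.
        $answer = Resolve-DnsName -Name $srvName -Type SRV -Server $dns `
            -DnsOnly -ErrorAction SilentlyContinue
        $targets = @($answer | Where-Object { $_.Type -eq 'SRV' } |
            Select-Object -ExpandProperty NameTarget -Unique)

        if (-not $targets) {
            # A public, router or ISP resolver typically ends up here.
            [pscustomobject]@{
                DnsServer = $dns; Check = 'SRV lookup'; Target = $srvName
                Port = $null; Ok = $false
            }
            continue
        }

        # Step 3: test LDAP and Kerberos reachability of each DC returned.
        # Note: the DC host name itself is resolved by the system resolver.
        foreach ($dc in $targets) {
            foreach ($port in $Ports) {
                $r = Test-NetConnection -ComputerName $dc -Port $port `
                    -WarningAction SilentlyContinue
                [pscustomobject]@{
                    DnsServer = $dns; Check = 'TCP connect'; Target = $dc
                    Port = $port; Ok = $r.TcpTestSucceeded
                }
            }
        }
    }
}

Test-AdJoinReadiness -DomainName 'impresoratec' | Format-Table -AutoSize
```

Any row with `Ok` set to `False` points at either a configured DNS server that cannot answer the SRV query or a Domain Controller that is unreachable on that port.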