Forum Discussion

Marcelo327's avatar
Marcelo327
Copper Contributor
Apr 14, 2026

Procedures to raise the functional level of AD 2008 r2 to 2019

Hello everyone,

Our AD has the Windows Server 2008 functional level and the servers with Windows Server 2016 OS. I intend to raise the functional level to 2019 or 2025. I would like your help with tips and documentation to decide whether 2019 or 2025 would be best, what are the risks and procedures for successful migration. I have an isolated environment to carry out rehearsals and tests before actually going into production.

Active Directory

1 Reply

  • kyazaferr's avatar
    kyazaferr
    MCT
    Apr 16, 2026

    First, an important point: there is no Windows Server 2019 or 2022 functional level. After Windows Server 2016, the next newer functional level is Windows Server 2025. So in practice your realistic targets are:

    Raise to Windows Server 2016 functional level if your DCs are Windows Server 2016/2019/2022/2025

    Raise to Windows Server 2025 functional level only after all DCs are running Windows Server 2025

    For most environments, the safest recommendation is:

    Stabilize and validate the current AD

    Check replication health (repadmin /replsummary, repadmin /showrepl)

    Run dcdiag /v

    Confirm SYSVOL is healthy

    Take system state backups of all DCs before changes

    Verify SYSVOL replication is using DFSR, not FRS

    This is critical in older environments. Modern DC introduction requires DFSR for SYSVOL, and domains must use DFSR rather than FRS. Microsoft documents that FRS is deprecated and newer DC scenarios are blocked until SYSVOL is migrated to DFSR.

    Raise the functional level to Windows Server 2016 first

    Since your DCs are already on Windows Server 2016, this is the normal next step once health checks are clean. Windows Server 2019 and 2022 DCs are supported while remaining at the 2016 domain/forest functional level.

    If you want Windows Server 2025 later, use a phased migration

    Microsoft recommends adding new DCs on the newer OS and demoting the older ones, rather than doing in-place upgrades on existing DCs.

    Only raise to Windows Server 2025 functional level after every DC is 2025

    Also note that a Windows Server 2025 DC can only be added to an existing domain/forest that is already at Windows Server 2016 functional level or higher. So if you are still truly at 2008/2008 R2 functional level, you cannot jump straight to a 2025 DC without first moving the environment to 2016 functional level.

    Which is better: 2016 functional level or 2025 functional level?

     

    My practical recommendation would be:

    Choose 2016 functional level now if your goal is low risk and modernization with broad compatibility

    Choose 2025 functional level later only if you are planning a full DC refresh to Windows Server 2025 and want the new AD capability such as the optional 32K database page feature

    Main risks to watch

    Replication issues already present but unnoticed

    SYSVOL still using FRS

    Legacy applications depending on very old AD behavior

    Skipping backups / rollback planning

    Raising the level before all prerequisites are met

    Suggested migration order

    Full AD health assessment

    Confirm backup/restore procedure in lab

    Confirm DFSR for SYSVOL

    Raise DFL/FFL to 2016

    Introduce new 2025 DCs in the lab, then production

    Transfer FSMO roles if needed

    Demote old DCs

    Raise DFL/FFL to 2025 only when all DCs are 2025