Compatibility Windows 2000 member and 2019 domain controller

matteu31 467 Reputation points
2020-12-18T14:01:26.907+00:00

Hello,

I did an audit in one client Active directory and find he has some W2000/2003 servers.
Actually he uses 2012domain controller and I need to give pro and cons to migrates to 2019 domain controller.

I don't find any documentation about domain controller and guest OS matrix except this one : https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee522994(v=ws.10)?redirectedfrom=MSDN#client-server-and-application-interoperability
But nothing indicate for 2000 guest member something is needed until 2008r2 domain controller.
I know I will never find Windows 2000 with 2019 but I would like to know if it's possible to work or not. My client will know it's totally unsupported scenario and big security issue.
I don't know exactly what is the best between :
-Continue to use them but decrease algorithm accepted and other stuff ? What could I have to change after RC4 allowed ?
-Migrate all of them in new domain in the same forest ?
-Migrate all of them in new AD forest ?

What would you do as alternative to "migrate them".

Thank you for your help.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,848 questions
0 comments
Accepted answer
  1. Dave Patrick 426.1K Reputation points MVP
    2020-12-18T14:09:09.157+00:00

    I don't find any documentation about domain controller and guest OS matrix.

    You won't find any because its simply limited to supported operating systems. I'd suggest standing it up in a test environment to see if it might work for you.

    As to standing up 2019 domain controllers;

    The two prerequisites to introducing the first 2019 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
    https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    --please don't forget to Accept as answer if the reply is helpful--

    1 person found this answer helpful.
    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. matteu31 467 Reputation points
    2020-12-18T14:11:31.843+00:00

    Thank you for your answer.
    All prerequesites are ok.

    I just would like if something is needed for 2000 to join 2019 server but yes, probably better to just test it ... I ll try to find iso :)
    Thanks

    0 comments
  2. Dave Patrick 426.1K Reputation points MVP
    2020-12-18T14:15:05.367+00:00

    Sounds good, you're welcome.

    --please don't forget to Accept as answer if the reply is helpful--

    0 comments