question

Yankee30 avatar image
0 Votes"
Yankee30 asked Razzi-7932 answered

Domain Controller 2019 with Windows 2003 member servers

We’re planning to promote our existing Domain controllers from Windows Server 2008 to Windows server 2019.
As of now we don’t have any plans to raise the functional level.
Current forest/domain level is at Windows Server 2008


We have several Windows Server 2003 running as member servers. Will that be a problem for 2003 member servers if we upgrade Domain controllers to 2019 ? Upgrading 2003 servers is currently not an option.

I read some comments about 2003 using smbv1.

Now is there any specific thing that’ll stop working for all existing 2003 members once we upgrade DC’s to 2019?

Do we need to enable smbv1 on all 2019 DC’s for 2003 member servers to work fine?

If yes, is there any different process to enable it on DC’s? Or we need to enable it like its done on any other 2019 servers like mentioned in below URL?

https://blog.baeke.info/2020/06/08/adding-smb1-protocol-support-to-windows-server-2019/amp/

windows-active-directorywindows-server-2019
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LeonLaude avatar image
0 Votes"
LeonLaude answered LeonLaude commented

Hi @Yankee30,

You can have Windows Server 2003 domain-joined machines in an Active Directory Domain Services (ADDS) 2019 environment, as long as SMBv1 is enabled.
I do believe you would need to have SMBv1 enabled on your Domain Controllers, to enable SMBv1 you can have a look here:

How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows
https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

I understand your need of keeping the Windows Server 2003 machines, but I would just like to point out that it is very highly recommended to upgrade/get rid of them, as SMBv1 is also a high security risk.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)


Best regards,
Leon

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@LeonLaude thanks for the reply. May I know what would stop working in 2003 members if we don’t enable smb1 on 2019DC’s?

0 Votes 0 ·

Well the Windows Server 2003 machines only use SMBv1, and if that is disabled on the DCs then the Windows Server 2003 servers won't be able to communicate properly to the DCs, here's a list of all the services/ports:

Service overview and network port requirements for Windows
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements

0 Votes 0 ·
Razzi-7932 avatar image
0 Votes"
Razzi-7932 answered

@LeonLaude I reviewed and followed the article you pointed to @Yankee30 but I am still getting the error attached... Any ideas or suggestion,s please? I too have Windows 2003 that I MUST join to a Windows 2016 functional level domain.

166488-errorjoinwin2003.png



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.