Active Directory Forest Functional Levels for Exchange Server 2016


Our September 2016 release blog included a statement that is causing some confusion with customers. The confusion relates to our support of Windows Server 2016 with Exchange Server 2016. The blog included a statement that read, “Domain Controllers running Windows Server 2016 are supported provided Forest Functional Level is Windows Server 2008R2 or Later.” We would like to provide additional clarity on what this statement means, and more importantly what it doesn’t.

Question #1: If I want to deploy Exchange Server 2016, must my Active Directory environment use Forest Functional Level 2008R2 or later?

Answer: No. Exchange Server 2016 is supported in environments configured to Forest Functional Level 2008 and later.

Question #2: If I want to install Exchange Server on a server running Windows Server 2016, does my Active Directory environment need to advance Forest Functional Level to 2008R2 or later?

Answer: No. Exchange Server 2016 installation on Windows Server 2016 is supported if Active Directory is configured to Forest Functional Level 2008 and later.

Question #3: What is the real requirement you are calling out here?

Answer: If you are running Exchange 2016 anywhere in your environment, and if any of the Domain Controllers used by Exchange are running Windows Server 2016, then the Forest Functional Level must be raised to 2008R2 or later.

In our experience, customers who keep their Domain Controllers deployed at the latest OS revision level, also employ the highest level of reliability, security and functionality and this requirement should not be a deployment blocker.

Question #4: Why is 2008R2 Forest Functional Level or later required?

Answer: Advancing the directory to a higher level of functionality requires DC’s on older operating systems to be retired. Our goal is to make certain that Exchange Server uses the highest level of security settings reasonably possible, including newer cryptographic standards. Windows Server 2008 no longer meets the minimum standard we are requiring and being requested by customers. Customers who are deploying the latest version of Exchange and Windows Server are often doing so to improve the security of their overall ecosystem. Our goal is to make certain that Exchange Server functions correctly under these assumptions and requirements. Limiting the use of old standards allows Exchange Server to meet the requirements of current security standards.

Question #5: Will Exchange Setup block installing Exchange Server 2016 if I am using Windows Server 2016 on a Domain Controller but have not raised the Forest Functional Level?

Answer: At this time, there is no Setup block. This pre-requisite is a soft requirement enforced by policy only. If a customer calls into support and is using Windows Server 2016 Domain Controllers with Exchange Server 2016 and they have not raised the Forest Functional Level to the minimum value, we may ask them to do so as part of root cause elimination.

Question #6: When will Exchange Setup force the use of 2008R2 Forest Functional Level for an Exchange Server installation?

Answer: The minimum supported Forest Functional Level will be raised to 2008R2 in Cumulative Update 7 for all Exchange Server 2016 deployments. We know that customers need time to plan and deploy the necessary migration/decommission of Active Directory Servers. 2008R2 Forest Functional Level will be a hard requirement in Cumulative Update 7, enforced by Exchange Setup. Cumulative Update 7 ships in the 3rd quarter of 2017, one year after the first announcement.

For a complete list of Exchange requirements please see this TechNet article.

The Exchange Team

Comments (6)

  1. sime3000 says:

    Hello Exchange Team,

    Thanks for this informative post re Exchange 2016 pre-requisites. While we’re on the subject …

    UCMA 4.0 is listed as a prerequisite for Exchange 2016 on Windows 2016 https://technet.microsoft.com/en-us/library/bb691354(v=exchg.160).aspx

    However UCMA 4.0 was released four years ago and is clearly not supported on Windows 2016 according to the UCMA 4.0 requirements on this page https://www.microsoft.com/en-us/download/details.aspx?id=34992

    So how is UCMA 4.0 a supported prerequisite for Exchange 2016 on Windows 2016 ?

    Looking forward to your timely response Exchange Team.

    1. The download entry to which you refer lists the supported OS’es which existed at the time it was posted. In addition to Windows Server 2016 not being listed, neither is Windows Server 2012R2 which is also a supported operating system for Exchange Server 2013 and 2016. The Exchange team has validated that UCMA installs and meets the requirements of Exchange Server on all supported operating systems. The Lync team, which developed the UCMA package, has not made us aware of any plans to not support our use of this package on any of our supported operating system.

  2. Mike says:

    Great clarification.

    I still do not see why some environment still use 2008 forest/domain functional level unless they have created custom schema that does not support the newer version.

  3. @Exchangeitpro says:

    Question #4: Why is 2008R2 Forest Functional Level or later required?

    Answer: Advancing the directory to a higher level of functionality requires DC’s on older operating systems to be retired.

    Can you elaborate more on security please or refer to an article?

  4. Augusto Juca says:

    Hello ! good article, and my concern is about Exchange 2010 compatibility with Active Directory 2016 environment
    The table Supported Active Directory environments inform that it is no compatible, but when you change the site language for German or other language that isnt English, it show that Windows Server 2016 Active Directory are supported for Exchange 2007 and 2010. So what is the right information ?
    Im planning to upgrade my AD first and than Exchange 2010.

    https://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx

    1. The English version of the table is the correct one. There was an editing update on the article that appears to not have been updated in local languages yet. We have not validated Exchange Server 2007 or 2010 with Windows Server 2016 domain controllers.

Skip to main content