Our September 2016 release blog included a statement that is causing some confusion with customers. The confusion relates to our support of Windows Server 2016 with Exchange Server 2016. The blog included a statement that read, “Domain Controllers running Windows Server 2016 are supported provided Forest Functional Level is Windows Server 2008R2 or Later.” We would like to provide additional clarity on what this statement means, and more importantly what it doesn’t.
Question #1: If I want to deploy Exchange Server 2016, must my Active Directory environment use Forest Functional Level 2008R2 or later?
Answer: No. Exchange Server 2016 is supported in environments configured to Forest Functional Level 2008 and later.
Question #2: If I want to install Exchange Server on a server running Windows Server 2016, does my Active Directory environment need to advance Forest Functional Level to 2008R2 or later?
Answer: No. Exchange Server 2016 installation on Windows Server 2016 is supported if Active Directory is configured to Forest Functional Level 2008 and later.
Question #3: What is the real requirement you are calling out here?
Answer: If you are running Exchange 2016 anywhere in your environment, and if any of the Domain Controllers used by Exchange are running Windows Server 2016, then the Forest Functional Level must be raised to 2008R2 or later.
In our experience, customers who keep their Domain Controllers deployed at the latest OS revision level, also employ the highest level of reliability, security and functionality and this requirement should not be a deployment blocker.
Question #4: Why is 2008R2 Forest Functional Level or later required?
Answer: Advancing the directory to a higher level of functionality requires DC’s on older operating systems to be retired. Our goal is to make certain that Exchange Server uses the highest level of security settings reasonably possible, including newer cryptographic standards. Windows Server 2008 no longer meets the minimum standard we are requiring and being requested by customers. Customers who are deploying the latest version of Exchange and Windows Server are often doing so to improve the security of their overall ecosystem. Our goal is to make certain that Exchange Server functions correctly under these assumptions and requirements. Limiting the use of old standards allows Exchange Server to meet the requirements of current security standards.
Question #5: Will Exchange Setup block installing Exchange Server 2016 if I am using Windows Server 2016 on a Domain Controller but have not raised the Forest Functional Level?
Answer: At this time, there is no Setup block. This pre-requisite is a soft requirement enforced by policy only. If a customer calls into support and is using Windows Server 2016 Domain Controllers with Exchange Server 2016 and they have not raised the Forest Functional Level to the minimum value, we may ask them to do so as part of root cause elimination.
Question #6: When will Exchange Setup force the use of 2008R2 Forest Functional Level for an Exchange Server installation?
Answer: The minimum supported Forest Functional Level will be raised to 2008R2 in Cumulative Update 7 for all Exchange Server 2016 deployments. We know that customers need time to plan and deploy the necessary migration/decommission of Active Directory Servers. 2008R2 Forest Functional Level will be a hard requirement in Cumulative Update 7, enforced by Exchange Setup. Cumulative Update 7 ships in the 3rd quarter of 2017, one year after the first announcement.
For a complete list of Exchange requirements please see this TechNet article.