My customer has older Windows Server Domain Controllers running older functional levels and would like to upgrade them, but is unclear what the different domain functional levels provide. Is there a document that provides the differences? Also, does Microsoft have recommendations about domain and forest functional levels for AD?
Microsoft recommends the latest domain and forest functional level in Windows Server 2016 because it provides the latest levels of security and identity management such as privileged access management (PAM) using Microsoft Identity Manager (MIM) and much more.
To learn more, see this link: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels