This is an issue that can appear when trying to introduce a Windows Server 2025 domain controller into an existing Active Directory forest. You were planning a change, followed the change request process only for it to be torpedoed as the deployment failed. The installation was blocked because the forest functional level is still set to Windows Server 2012R2. At first glance, this can be confusing, since Windows Server 2025 domain controllers are designed to coexist with older versions. However, this problem surfaces when prerequisites for newer DC have not been met.
While it may be tempting to just bump the Forest Functional Level (FFL), that should not be done without verifying that all applications will support this change. Yes we can roll back these changes nowadays, but much better not to break things and have to perform the roll back.
Windows Server 2016 FFL Blocker
Note that the addition of a Windows Server 2025 DC is blocked due to the FFL being older than Windos 2016.
We can quickly verify the Domain and Forest Functional Levels using PowerShell
Get-ADDomain | fl Name,DomainMode
Get-ADForest | fl Name,ForestMode
Increase FFL - Easy, Right?
Well not always. Here there is still a Windows Server 2012R2 DC. That needs to be replace/upgrade before we can progress further.
Get-ADDomainController -Filter * | Select-Object Name, OperatingSystem
Cheers,
Rhoderick
