The domain functional level must be at a Windows Server version still supported by Microsoft.
An XCCDF Rule
Description
<VulnDiscussion>Domains operating at functional levels below Windows Server versions no longer supported by Microsoft reduce the level of security in the domain and forest as advanced features of the directory are not available. This also prevents the addition of domain controllers to the domain using Windows Server versions prior to the current domain functional level.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-243480r723563_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Raise the domain functional level to Windows Server 2008 or later. Using the highest domain functional level supported by the domain controllers is recommended.
Raising the domain functional level needs to be carefully planned and implemented. This prevents the addition of domain controllers to the domain using Windows versions prior to the current domain functional level.
See Microsoft documentation for the process and requirements of raising the domain functional level.