Has anyone upgraded their AD to 2016 yet

  • Last Post 19 February 2017
BrianB posted this 16 February 2017

I have a unique opportunity to build a new AD forest as part of a divesture and move our assets and resources to the new environment. We initially started our Dev and test environments with 2012 R2 given that we started the project months before the release of 2016. We have now been afforded the luxury of an extended timeline of several more months. We are now considering scrapping our Dev and test environment and rebuilding them as AD 2016 with Server 2016 PKI, ADFS, ADLDS, etc…

  Has anyone on this forum already upgraded their AD to 2016 and if so, were there any nuances or gotcha’s to look out for? We can still stay with 2012 R2 and wait for the possible R2 version of 2016 or at the very least more/better documentation but if we can forego the upgrade later by moving the latest now, we can save ourselves some work in the future.      I am looking for anything that would help us know what to expect or overcome if we went with AD 2016.

  I appreciate any and all feedback.   Brian Britt

Order By: Standard | Newest | Votes
webster posted this 16 February 2017

All the new AD projects I am working on are all 2016. My lab AD has been running 2016 since 2016 came out on MSDN. I upgraded my employer's three Forests to 2016 with no issues.






Milo posted this 16 February 2017

The only "issue" I have seen is the excessive permissions granted to one of the new security principals (Enterprise Key Admins), detailed here:





a-ko posted this 17 February 2017

That’s not really an issue if users aren’t added to the group…It’s just they’ve got some extraneous stuff that isn’t quite used yet but is there to support it.



Milo posted this 17 February 2017

That's why I put the word issue in inverted commas, i.e. "issue"... however since Account Operators can manage this group and if you are in a pure 2016 envinronment the group is present and has Full Control permissions by default, bit scary. To me it is

a big concern working as an AD Security Architect, maybe not an issue as such but I was just trying to inform of what I had found... apologies for not sticking strictly to topic...


patrickg posted this 19 February 2017

Haven’t yet but looking to be upgraded to 2016 by Summer at latest. The only “political” debate between the admins is if the boxes will have the full GUI install or

be Core installs, not seriously considering Nano until an R2 release likely.




BrianB posted this 19 February 2017

Interestingly, they seem to have taken away the ability to move between core, minimal, and full gui. Gotta know what you want at the install and stick with it.

Not that we switch at all now, but the flexibility   is nice to have. We usually install core for everything that is supported.

Brian B.

Get Outlook for Android