Tuesday, January 15, 2013

Exchange 2003 and Windows Server 2012 Domain Controller

A customer asked me today if they can upgrade to their domain controllers to Windows Server 2012 whilst running Exchange Server 2003.

Exchange 2003 does not support Windows Server 2012 Domain Controllers.

This not only includes the 2012 Forest Funtional Level (FFL) and 2012 Domain Functional Level (DFL) but the Windows Server 2012 DC's.  If you have a Windows Server 2012 Domain Controller running 2003 FFL/DFL, this is still not supported.

There is no support planned for Windows Server 2012 Domain Controllers with Exchange 2003.


  1. Im thinking to start using 2012 this days. Just need few days to get used on it.

  2. I can't find anything on Microsoft's Web site about this. Not that I don't trust an MCITP -- I "see" the 2012 DC missing from that tab in Exchange System Manager -- but do you know what specifically keeps the two from interacting? A Group Policy or local security policy, maybe? I do have an Exchange 2003 upgrade planned for this year, but I'm just curious.

  3. Hi James,

    The technical reason won't make any difference, at the end of the day it is not supported by Microsoft.

    Microsoft does not want customers trying to sneak around any technical issues.

    If you still have Exchange 2003, do not deploy 2012 Domain Controllers. Simple!

    Kind Regards,

  4. I believe the guidance from Microsoft is that you cannot deploy Server 2012 DC's in the same site as an Exchange 2003 server. Other sites are fine, so long as you do not raise your DFL to 2012.

  5. Clint is entirely correct. Deploying *any* Domain Controllers running the Windows Server 2012 operating system in the same forest as Exchange Server 2003 is unsupported. Exchange Server 2003 only supports DCs running the Windows Server 2008 R2 operating system or lower.

    Program Manager
    MS Exchange Product Group

    1. Brian,

      I had no idea about this restriction, and I thought I had done enough due diligence before getting myself into trouble.
      I have two Server 2012 R2 DCs in a forest and domain at Server 2003 functional level

      We have an exchange 2003 SP2 org and we did the upgrade of the DCs first on a weekend where we were to expand the subnet size (from /24 to /22) and take advantage of the Policy - Based DHCP ranges that 2012 R2 has.

      I had no idea where to even look to know that a newer DC for any reason would not be backwards compatible with an existing domain and exchange org if the forest functional level was left alone.

      I am wondering if I should be panicking right now, as we have a new server ready to begin an Exchange 2003 to Exchange 2010 transition to coexistence.

      Is it unsafe to even attempt this?

      Should I promote one of the older former DCs again so there is at least one in the forest?
      Would that even help?

      What about going all the way back to 2003 R2-only DCs? (horrendous option in terms of what the customer is going to say after having to reverse work that already was performed with a nearly day long outage )

      Should I be panicking?

      Please look for my post as CJBTechnologyConsulting in the TechNet blogs?

    2. So, did you end up promoting any 2012 domain controllers? What effect did it have if any on your 2003 Exchange environment?

  6. Here is the MATRIX of Microsoft support of Exchange 2003:

  7. I get your point, however if the Exchange 2003 servers are in a totally separate child domain within the same forest and we're running Exchange 2010 SP3 RU5, surely because we're not running Exchange 2003 it shouldn't make a difference.

  8. A child domain is just a directory partition within Active Directory... Exchange uses the Configuration Partition for most of its configuration data which is in the Forest Root Domain. Exchange is at a forest level, not a domain level... the fact you have a child domain is irrelevant. You cannot have 2012 domain controllers in ANY domain within your forest running Exchange 2003.

  9. Thanks Clint for giving a solid answer.

  10. I know it isn't supported but what exactly will happen or has happened to people's Exchange 2003 environment if they promote a 2012 domain controller? The client I am at believe it or not had 3 NT 4 domains with trust setup to their 2003 FL AD. Finally decommissioned those domains and have in place all our 2012 R2 servers ready to be promoted until I saw this blog. They are in a year long migration from Exchange 2003 to Office 365 but are months away from being finished. Problem is we have other projects on hold right now until we can get at least 2008 R2 FL.

  11. I'm not sure Kristopher, I have never tried it. Microsoft advised it is not supported so I followed their advise.

    I never recommend to implement a solution which is clearly stated by Microsoft as not supported for any customer.

  12. We tried it here. You cannot authenticate to the exchange server. Constant popups for passwords when running outlook, autoconfiguration doesn't work, outlook web access fails - It's not pretty. The sad thing is, some clients work (about 30-40%) and it took a day for the issues to crop up. We migrated on Saturday, issues didn't show up until Tuesday morning.
    0/10 would not try again