| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-243480 | CAT II | MONT-DC-003 | Active Directory Domain Security Technic... | The domain functional level must be at a Windows S... | - | |||
Check TextOpen "Active Directory Domains and Trusts" (run "domain.msc") or "Active Directory Users and Computers" (run "dsa.msc"). Right-click in the left pane on the name of the Domain being reviewed. Select "Raise domain functional level..." The current domain functional level will be displayed (as well as the option to raise the domain functional level). Select "Cancel" to exit. Alternately, using PowerShell (Windows Server 2016): Select "Active Directory Module for Windows PowerShell", available in Administrative Tools or the Start Screen. Run "Get-ADDomain". View the value for "DomainMode:" If the domain functional level is not Windows Server 2016, this is a finding. Using the highest domain functional level supported by the domain controllers is recommended. Fix TextRaise the domain functional level to Windows Server 2016. Using the highest domain functional level supported by the domain controllers is recommended. Raising the domain functional level needs to be carefully planned and implemented. This prevents the addition of domain controllers to the domain using Windows versions prior to the current domain functional level. Refer to Microsoft documentation for the process and requirements of raising the domain functional level. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-ActiveDirectoryDomain_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 7046F3346ADC27A5DC94A4619E48DF67887115E4 ~~~~~ Domain Level: Windows2016Domain
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_ADDomain_V3R5_20251023-171837.ckl
Scan Date: 2026-01-14T12:57:36.435963
Technology Area: Domain Name System
|
||||||||