V-243480
CAT II
The domain functional level must be at a Windows Server version still supported by Microsoft.
- Ships Affected: 1
- Total Findings: 1
- Open: 0
- Closed: 1
Check Text
Open "Active Directory Domains and Trusts" (run "domain.msc") or "Active Directory Users and Computers" (run "dsa.msc").
Right-click in the left pane on the name of the Domain being reviewed.
Select "Raise domain functional level..."
The current domain functional level will be displayed (as well as the option to raise the domain functional level).
Select "Cancel" to exit.
Alternately, using PowerShell (Windows Server 2016):
Select "Active Directory Module for Windows PowerShell", available in Administrative Tools or the Start Screen.
Run "Get-ADDomain".
View the value for "DomainMode:"
If the domain functional level is not Windows Server 2016, this is a finding.
Using the highest domain functional level supported by the domain controllers is recommended.
Fix Text
Raise the domain functional level to Windows Server 2016. Using the highest domain functional level supported by the domain controllers is recommended.
Raising the domain functional level needs to be carefully planned and implemented. Once the level is raised, domain controllers running Windows versions prior to the current domain functional level can no longer be added to the domain.
Refer to Microsoft documentation for the process and requirements of raising the domain functional level.
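The PowerShell check from the Check Text as a script, with a domain controller inventory to review before raising the level. This is an added example, not part of the STIG text: the function name `Test-DomainFunctionalLevel` and its `RequiredMode` parameter are hypothetical, and `Windows2016Domain` is the `DomainMode` value that corresponds to Windows Server 2016. The comparison follows the check text literally, so any other level is reported as a finding.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Test-DomainFunctionalLevel {
    param(
        # Level required by the check text (hypothetical parameter name).
        [string]$RequiredMode = 'Windows2016Domain'
    )

    # Same data the check text reads from "Get-ADDomain" -> DomainMode.
    $domain = Get-ADDomain
    $currentMode = [string]$domain.DomainMode

    # Inventory of domain controllers and their OS versions. Every DC must
    # run an OS that supports the target level before the level is raised.
    $dcs = Get-ADDomainController -Filter * |
        Select-Object HostName, Site, OperatingSystem, OperatingSystemVersion, IsReadOnly

    [pscustomobject]@{
        Domain            = $domain.DNSRoot
        DomainMode        = $currentMode
        RequiredMode      = $RequiredMode
        Finding           = ($currentMode -ne $RequiredMode)
        DomainControllers = $dcs
    }
}

$result = Test-DomainFunctionalLevel

# Summary line for the checklist entry.
$result | Select-Object Domain, DomainMode, RequiredMode, Finding | Format-List

# Oldest operating systems first, so unsupported DCs are easy to spot.
$result.DomainControllers | Sort-Object OperatingSystemVersion | Format-Table -AutoSize
```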
STIG Reference
- STIG: Active Directory Domain Security Technical Implementation Guide
- Version: 3
- Release: 7
- Rule ID: SV-243480r959010_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date |
|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_ADDomain_V3R5_20251023-171837.ckl | | Unassigned | 2026-01-14T12:57:36.435963 |