I encountered this issue while attempting to set up Azure AD Connect from my lab into Azure.
In my lab environment, I’ve built a new Domain Controller running Windows Server 2016 Technical Preview 2 Build 10074.
The domain and forest functional level are both set to “Windows Server Technical Preview”.
I’ve also built a separate Azure AD Connect virtual machine, which has 2 network adapters; one connected to the Internal Lab Network, and the other connected to the External Internet Network (with a static IP address).
Azure AD Connect Installation
While following this article on the Express Installation of Azure AD Connect, I downloaded and used the latest version of Azure AD Connect, specifically version 1.0.8641 as of this writing.
Walking through the Express Installation, when I got to the Connect to AD DS screen and provided enterprise administrator credentials, the installer did not accept that the forest functional level of “Windows Server Technical Preview” is indeed higher than “Windows2003Forest”.
So, what can we do at this point? Well, to move forward sometimes we have to take a step backwards.
Lower AD Forest/Domain Functional Level
I decided to try to temporarily lower the domain and forest functional level, attempt the installation of Azure AD Connect, and then try to raise the level back to the Windows Server Technical Preview level. Here are my results.
To lower the Active Directory functional level, I followed this TechNet article: http://blogs.technet.com/b/aman/archive/2012/12/29/step-by-step-guide-to-lower-active-directory-functional-level.aspx
Following that article, I first checked what level the forest was set to, using the Get-ADForest PowerShell command. Interestingly, the Forest Mode shows as “WindowsThresholdForest”, even though in the GUI it is displayed as “Windows Server Technical Preview”.
Next, I ran the following PowerShell commands:
- Set-ADForestMode -Identity "SC.LAB" -ForestMode Windows2012R2Forest
- Set-ADDomainMode -Identity "SC.LAB" -DomainMode Windows2012R2Domain
After successfully running the referenced commands, I re-ran the Get-ADForest command to confirm that the changes had taken place. Just to be safe, I restarted my Domain Controller and the Azure AD Connect virtual machine as well.
Azure AD Connect Re-Installation
Now that we have lowered our Active Directory forest and domain functional level to “Windows2012R2”, let’s re-attempt the installation of Azure AD Connect.
This time, I was able to successfully get past the Connect to AD DS screen and reach the final Configure screen to perform the installation.
Happily, the installation of Azure AD Connect completed successfully.
On my Azure AD Connect server, launching the Synchronization Service Manager shows that a full synchronization has completed successfully.
Logging into the Azure portal and checking the Directory Integration, it also shows that the synchronization is working.
Raise AD Forest/Domain Functional Level
Now that Azure AD Connect is up and running, let’s try returning the Active Directory forest and domain functional level back to the “Windows Server Technical Preview” as it was previously.
Basically, all I need to do is run the same PowerShell commands:
- Set-ADForestMode -Identity "SC.LAB" -ForestMode WindowsThresholdForest
- Set-ADDomainMode -Identity "SC.LAB" -DomainMode WindowsThresholdDomain
I restarted both the domain controller and the Azure AD Connect server again after this change.
To verify that Azure AD Connect is still functioning correctly after changing the AD forest and domain functional level, I created a new user in AD, initiated a sync, and confirmed this user account appears in Azure AD.
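The lower, install, raise sequence above can be wrapped so that the original levels are recorded before the change and the restore is verified afterwards. This is an added example, not code from the original post; the two-phase layout, the function names and the state file path are assumptions, and it needs the ActiveDirectory module and enterprise administrator rights.

```powershell
# Added example (not from the original post). Run once with -Phase Lower before the
# Azure AD Connect installation and once with -Phase Restore after it has completed.
param(
    [Parameter(Mandatory)][ValidateSet('Lower', 'Restore')][string]$Phase,
    [string]$ForestName = 'SC.LAB',                                  # lab forest from the post
    [string]$StateFile  = "$env:ProgramData\functional-level.json"   # hypothetical path
)
$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory

function Get-Levels {
    # Enum values are cast to strings so they round-trip through JSON by name.
    [pscustomobject]@{
        Forest = [string](Get-ADForest -Identity $ForestName).ForestMode
        Domain = [string](Get-ADDomain -Identity $ForestName).DomainMode
    }
}

function Assert-Levels([string]$Forest, [string]$Domain) {
    $now = Get-Levels
    if ($now.Forest -ne $Forest -or $now.Domain -ne $Domain) {
        throw "Level mismatch: forest=$($now.Forest) domain=$($now.Domain); expected $Forest / $Domain"
    }
    Write-Host "Verified: forest=$($now.Forest) domain=$($now.Domain)"
}

if ($Phase -eq 'Lower') {
    # Record the original levels on disk first, so they survive the reboots between phases.
    Get-Levels | ConvertTo-Json | Set-Content -Path $StateFile
    # Same order as the post: forest, then domain.
    Set-ADForestMode -Identity $ForestName -ForestMode Windows2012R2Forest -Confirm:$false
    Set-ADDomainMode -Identity $ForestName -DomainMode Windows2012R2Domain -Confirm:$false
    Assert-Levels -Forest 'Windows2012R2Forest' -Domain 'Windows2012R2Domain'
}
else {
    $orig = Get-Content -Path $StateFile -Raw | ConvertFrom-Json
    # Same order as the post: forest, then domain, back to the recorded values.
    Set-ADForestMode -Identity $ForestName -ForestMode $orig.Forest -Confirm:$false
    Set-ADDomainMode -Identity $ForestName -DomainMode $orig.Domain -Confirm:$false
    # Fail loudly if the directory is still at the temporary level.
    Assert-Levels -Forest $orig.Forest -Domain $orig.Domain
}
```

Recording the levels with Get-ADForest and Get-ADDomain avoids relying on the GUI label, which the post shows differs from the actual mode name.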
Windows Server 2016 is still in Technical Preview, so I fully expect that once it reaches RTM, Azure AD Connect will be updated to recognize that a Windows Server 2016 forest/domain functional level is higher than Windows Server 2003.
But for now, to be able to install Azure AD Connect on Windows Server 2016 Technical Preview you have 2 options:
- Perform the first installation of Windows Server 2016 Technical Preview Active Directory Domain Services, with the forest and domain functional level set as Windows Server 2012 R2; or
- If you have already installed AD DS as “Windows Technical Preview”, follow the steps described in this article to temporarily lower the functional level, complete the Azure AD Connect installation, and then return the functional level back to “Windows Technical Preview”.
I hope this helps you with your experience with the Windows Server 2016 Technical Preview 2 and Azure AD Connect.