
Forest and Domain Functional Levels

A list of the forest functional levels and the features supported in Server 2008 R2.
The list is from the 2nd edition of the Microsoft 70-647 book.

Forest Functional Level and its Features

Windows Server 2000

All default Active Directory features

Windows Server 2003

All default Active Directory features, plus the following features:
■ Support for forest trusts
■ Support for renaming domains
■ Support for linked-value replication, which enables domain controllers to replicate individual property values for objects instead of the complete objects to reduce network bandwidth usage
■ The ability to deploy a read-only domain controller (RODC) that runs Windows Server 2008 or Windows Server 2008 R2
■ Improved Knowledge Consistency Checker (KCC) algorithms and scalability
■ The ability to create instances of the dynamic auxiliary class called dynamicObject in a domain directory partition
■ The ability to convert an inetOrgPerson object instance into a User object instance and the reverse
■ The ability to create instances of the new group types, called application basic groups and Lightweight Directory Access Protocol (LDAP) query groups, to support role-based authorization
■ Deactivation and redefinition of attributes and classes in the schema

Windows Server 2008

All the features available at the Windows Server 2003 forest functional level but no additional features

Windows Server 2008 R2

All the features that are available at the Windows Server 2003 forest functional level, plus the following features:
■ Active Directory Recycle Bin

 

Domain Functional Level and its Features

Windows 2000 Native

All default Active Directory features and the following features:
■ Universal groups for both distribution groups and security groups
■ Group nesting
■ Group conversion, which makes conversion between security groups and distribution groups possible
■ Security identifier (SID) history

Windows Server 2003

All default Active Directory features, all features from the Windows 2000 Native domain functional level, plus the following features:
■ The availability of the domain management tool, Netdom.exe, to prepare for a domain controller rename
■ Update of the logon time stamp
■ The ability to set the userPassword attribute as the effective password on the inetOrgPerson object and user objects
■ The ability to redirect Users and Computers containers
■ Authorization Manager, to store its authorization policies in AD DS
■ Constrained delegation
■ Support for selective authentication

Windows Server 2008

All default Active Directory features, all features from the Windows Server 2003 domain functional level, plus the following features:
■ Distributed File System (DFS) Replication support for SYSVOL
■ Advanced Encryption Standard (AES 128 and 256) support for the Kerberos authentication protocol
■ Last Interactive Logon Information
■ Fine-grained password policies

Windows Server 2008 R2

All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus the following features:
■ Authentication mechanism assurance
■ Automatic service principal name (SPN) management for services running on a particular computer under the context of a Managed Service Account when the name or DNS host name of the machine account changes
