
An Overview of Domain and Forest Functional levels

Domain and forest functional levels provide the means by which you can enable additional
domain-wide and forest-wide Active Directory features, remove outdated backward
compatibility within your environment, and improve Active Directory performance and security.
In Windows 2000, the terminology used to refer to domain functional levels was domain modes.
Forests in Windows 2000 have one mode and domains can have the domain mode set as either
mixed mode or native mode. With Windows Server 2003 Active Directory came the introduction
of the Windows Server 2003 interim functional level and Windows Server 2003 functional level
for both domains and forests. The four domain functional levels that can be set for domain
controllers are Windows 2000 mixed, Windows 2000 native, Windows Server 2003 interim, and
Windows Server 2003. The default domain functional level is Windows 2000 mixed. The three
forest functional levels are Windows 2000, Windows Server 2003 interim, and Windows Server
2003. The default forest functional level is Windows 2000.

When the Windows Server 2003 functional level is enabled in your environment, additional
Active Directory domain-wide and forest-wide features are automatically enabled. Windows
Server 2003 functional level is enabled in your environment when all domain controllers are
running Windows Server 2003. The Active Directory Domains And Trusts console is used to
raise the functional levels of domains and forests in Active Directory.

Domain Functional Levels


When raising the domain functional level from Windows 2000 mixed to Windows 2000 native or the
Windows Server 2003 functional level, domain controllers are regarded as peers to each other.
What this essentially means is that the domain master concept no longer exists. It also means that
pre-Windows 2000 replication no longer exists. If you are considering raising the domain
functional level within your environment to Windows Server 2003, you should remember that
after the domain functional level is raised, you cannot add any Windows 2000 server to the
particular domain.

Windows 2000 Mixed Domain Functional Level

Any newly installed domain controller operates in Windows 2000 mixed domain functional level
for the domain by default. This makes the Windows 2000 mixed domain functional level the
default functional level for all Windows Server 2003 domains. Windows 2000 mixed domain
functional level enables the Windows Server 2003 domain controller to operate together with
Windows NT 4, Windows 2000, and Windows Server 2003 domain controllers. The only
Windows NT domain controllers supported are Windows NT backup domain controllers (BDCs).
Windows NT primary domain controllers do not exist in Active Directory. In Active Directory,
domain controllers act as peers to one another. Windows 2000 mixed domain functional level is
usually used to migrate domain controllers from Windows NT to Windows 2000 domain
controllers.

You can raise Windows 2000 mixed domain functional level to

• Windows 2000 native domain functional level
• Windows Server 2003 domain functional level

The Active Directory domain features that are available in Windows 2000 mixed domain
functional level are listed below:

• Local and Global groups
• Distribution Groups
• Distribution Group nesting
• Global Catalog support
• Up to 40,000 domain objects are supported

The Active Directory domain features that are not supported in Windows 2000 mixed domain
functional level are listed below:

• Renaming domain controllers
• Universal Groups
• Security group nesting
• SID History
• Update logon timestamp
• Group conversion between Security Groups and Distribution Groups
• Users/Computers container redirection
• Constrained delegation
• User password support on the InetOrgPerson object

Windows 2000 Native Domain Functional Level

The Windows 2000 native domain functional level enables Windows Server 2003 domain
controllers to operate with Windows 2000 domain controllers and Windows Server 2003 domain
controllers. This domain functional level is typically used to support domain controller upgrades
from Windows 2000 to Windows Server 2003. Windows NT 4.0 backup domain controllers are
not supported in the Windows 2000 native domain functional level. Windows 2000 native cannot
be lowered again to the Windows 2000 mixed domain functional level.

You can raise the Windows 2000 native domain functional level to

• Windows Server 2003 domain functional level.

The Active Directory domain features that are available in Windows 2000 native domain
functional level are listed below:

• Local and Global groups
• Distribution Groups
• Distribution group nesting
• Security group nesting
• Universal Groups
• Group conversion between Security Groups and Distribution Groups
• Global Catalog support
• SID History
• Up to 1,000,000 domain objects are supported

The Active Directory domain features that are not supported in Windows 2000 native domain
functional level are listed below:

• Renaming domain controllers
• Update logon timestamp
• Users/Computers container redirection
• Constrained delegation
• User password support on the InetOrgPerson object

Windows Server 2003 Interim Domain Functional Level

Windows Server 2003 interim domain functional level enables domain controllers running
Windows Server 2003 to function in a domain containing both Windows NT 4.0 domain
controllers and Windows Server 2003 domain controllers. Domain controllers running Windows
2000 are not supported in this domain functional level. You can only set this domain functional
level when upgrading from Windows NT to Windows Server 2003. In fact, the Windows Server
2003 interim domain functional level can only be raised to Windows Server 2003 domain
functional level. Windows Server 2003 interim domain functional level is also typically used
when you are not going to immediately upgrade your Windows NT 4.0 backup domain
controllers to Windows Server 2003, and when your existing Windows NT domain has groups
consisting of over 5,000 members.

The Active Directory domain features that are available in Windows Server 2003 interim domain
functional level are listed below:

• Local and Global groups
• Distribution groups
• Distribution group nesting
• Global Catalog support
• Up to 40,000 domain objects are supported

The Active Directory domain features that are not supported in Windows Server 2003 interim
domain functional level are listed below:

• Renaming domain controllers
• Universal Groups
• Security group nesting
• SID History
• Update logon timestamp
• Group conversion between Security Groups and Distribution Groups
• Users/Computers container redirection
• Constrained delegation
• User password support on the InetOrgPerson object

Windows Server 2003 Domain Functional Level

Windows Server 2003 domain functional level is the highest level that can be specified for a
domain. All domain controllers in the domain are running Windows Server 2003. This basically
means that Windows NT 4 and Windows 2000 domain controllers are not supported in these
domains. Once the domain level is set as Windows Server 2003 domain functional level, it
cannot be lowered to any of the previous domain functional levels.

All Active Directory domain features are available in Windows Server 2003 domain functional
level:

• Local and Global groups
• Distribution Groups
• Distribution group nesting
• Security group nesting
• Universal Groups
• Group conversion between Security Groups and Distribution Groups
• Global Catalog support
• SID History
• Up to 1,000,000 domain objects are supported
• Renaming domain controllers
• Update logon timestamp
• Users/Computers container redirection
• Constrained delegation
• User password support on the InetOrgPerson object

How to check which domain functional level is set for the domain

1. Open the Active Directory Domains And Trusts console.
2. Right-click the particular domain whose functional level you want to verify, and select
   Raise Domain Functional Level from the shortcut menu.
3. The Raise Domain Functional Level dialog box opens.
4. You can view the existing domain functional level for the domain in Current domain
   functional level.

How to raise the domain functional level to the Windows 2000 native domain functional level or Windows Server 2003 domain functional level

Before you can raise the domain functional level to Windows Server 2003 domain functional
level, each domain controller in the domain has to be running Windows Server 2003.

To raise the domain functional level for a domain,

1. Open the Active Directory Domains And Trusts console.
2. Right-click the particular domain whose functional level you want to raise, and select
   Raise Domain Functional Level from the shortcut menu.
3. The Raise Domain Functional Level dialog box opens.
4. Use the Select An Available Domain Functional Level list to choose the domain
   functional level for the domain.
5. Click Raise.
6. Click OK.

Forest Functional Levels


While Windows 2000 has only one forest functional level, Windows Server 2003 has three forest
functional levels. Through the forest functional levels, you can enable forest-wide Active
Directory features in your Active Directory environment. The forest functional levels are actually
very much like the domain functional levels.

Windows 2000 Forest Functional Level

This is the default forest functional level, which means that all newly created Windows Server
2003 forests have this level when initially created. The Windows 2000 forest functional level
supports Windows NT 4, Windows 2000 and Windows Server 2003 domain controllers.

The Active Directory forest features that are available in Windows 2000 forest functional level
are listed below:

• Universal Group caching
• Application directory partitions
• Global Catalog replication enhancements
• Installations from backups
• The Active Directory quota feature
• SIS for system access control lists (SACL)

The Active Directory forest features that are not supported in Windows 2000 forest functional
level are listed below:

• Domain renaming
• Forest Trust
• Defunct schema objects
• Linked value replication
• Dynamic auxiliary classes
• Improved Knowledge Consistency Checker (KCC) replication algorithms
• Application groups
• InetOrgPerson objectClass
• NTDS.DIT size reduction

Windows Server 2003 Interim Forest Functional Level

Domain controllers in a domain running Windows NT 4 and Windows Server 2003 are supported
in the Windows Server 2003 interim forest functional level. This level is used when upgrading
from Windows NT 4 to Windows Server 2003. The functional level is also configured when you
are not planning to immediately upgrade your existing Windows NT 4 backup domain
controllers, or your existing Windows NT 4.0 domain has groups consisting of over 5,000
members. No Windows 2000 domain controllers can exist if the Windows Server 2003 interim
forest functional level is set for the forest. The Windows Server 2003 interim forest functional
level can only be raised to the Windows Server 2003 forest functional level.

The Active Directory forest-wide features that are available in Windows Server 2003 interim
forest functional level are listed below:

• Universal Group caching
• Application directory partitions
• Global Catalog replication enhancements
• Installations from backups
• The Active Directory quota feature
• SIS for system access control lists (SACL)
• Improved Knowledge Consistency Checker (KCC) replication algorithms
• Linked value replication

The Active Directory forest features that are not supported in Windows Server 2003 interim
forest functional level are listed below:

• Domain renaming
• Forest Trust
• Defunct schema objects
• Dynamic auxiliary classes
• Application groups
• InetOrgPerson objectClass
• NTDS.DIT size reduction

Windows Server 2003 Forest Functional Level

All domain controllers in the forest have to be running Windows Server 2003 in order for the
forest functional level to be raised to the Windows Server 2003 forest functional level. What this
means is that no domain controllers in the Active Directory forest can be running Windows NT 4
and Windows 2000. In the Windows Server 2003 forest functional level, all forest-wide Active
Directory features are available, including the following:

• Domain renaming
• Forest Trust
• Defunct schema objects
• Dynamic auxiliary classes
• Application groups
• Universal Group caching
• Application directory partitions
• Global Catalog replication enhancements
• Installations from backups
• The Active Directory quota feature
• SIS for system access control lists (SACL)
• Improved Knowledge Consistency Checker (KCC) replication algorithms
• Linked value replication
• InetOrgPerson objectClass
• NTDS.DIT size reduction

How to check which forest functional level is set for the forest

1. Open the Active Directory Domains And Trusts console.
2. Right-click Active Directory Domains and Trusts in the console tree, and select Raise
   Forest Functional Level from the shortcut menu.
3. The Raise Forest Functional Level dialog box opens.
4. You can view the existing forest functional level for the forest in Current forest
   functional level.

How to raise the forest functional level to Windows Server 2003 forest functional level

Each domain controller in the forest has to be running Windows Server 2003 before you can
change the forest functional level to Windows Server 2003. When you raise the forest functional
level, all domains in the forest will automatically have their domain functional level raised to
Windows Server 2003.

To raise the forest functional level for a forest,

1. Open the Active Directory Domains And Trusts console.
2. Right-click Active Directory Domains And Trusts in the console tree, and select Raise
   Forest Functional Level from the shortcut menu.
3. The Raise Forest Functional Level dialog box opens.
4. Click Raise.
5. Click OK.
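
The raise procedures for domains and forests above both depend on which operating systems the domain controllers run and on which transitions are allowed. The following pre-flight check is an added example, not part of the original page: the level rules are transcribed from this page, while the attribute names msDS-Behavior-Version and nTMixedDomain, their value mapping, and the inventory (with hypothetical domain names) are not given on the page.

```powershell
# Added example. DC support and allowed raises per level are taken from this page.
$DomainLevels = @{
    'Windows 2000 mixed'          = @{ DcOs = 'NT4', '2000', '2003'; RaiseTo = 'Windows 2000 native', 'Windows Server 2003' }
    'Windows 2000 native'         = @{ DcOs = '2000', '2003';        RaiseTo = @('Windows Server 2003') }
    'Windows Server 2003 interim' = @{ DcOs = 'NT4', '2003';         RaiseTo = @('Windows Server 2003') }
    'Windows Server 2003'         = @{ DcOs = @('2003');             RaiseTo = @() }
}

# Translate msDS-Behavior-Version and nTMixedDomain (read from the domain object;
# names and values are not from the page) into a domain functional level name.
function Get-DomainLevelName {
    param([int]$BehaviorVersion, [int]$NtMixedDomain)
    switch ("$BehaviorVersion/$NtMixedDomain") {
        '0/1'   { 'Windows 2000 mixed' }
        '0/0'   { 'Windows 2000 native' }
        '1/1'   { 'Windows Server 2003 interim' }
        '2/0'   { 'Windows Server 2003' }
        default { throw "Unexpected attribute combination: $_" }
    }
}

# Domain raise: the transition must be allowed, and every DC must be supported at the target level.
function Test-DomainRaise {
    param([string]$Current, [string]$Target, [string[]]$DcOs)
    if ($DomainLevels[$Current].RaiseTo -notcontains $Target) {
        return "BLOCKED: '$Current' cannot be raised to '$Target'"
    }
    $blocking = @($DcOs | Where-Object { $DomainLevels[$Target].DcOs -notcontains $_ } | Sort-Object -Unique)
    if ($blocking.Count -gt 0) { return "BLOCKED: domain still has DCs running $($blocking -join ', ')" }
    return "OK: '$Current' -> '$Target'"
}

# Forest raise to Windows Server 2003: every DC in every domain must run Windows Server 2003.
function Test-ForestRaise {
    param([hashtable]$DcOsByDomain)
    $bad = @($DcOsByDomain.Keys |
        Where-Object { @($DcOsByDomain[$_] | Where-Object { $_ -ne '2003' }).Count -gt 0 } | Sort-Object)
    if ($bad.Count -gt 0) { return "BLOCKED: non-2003 DCs remain in $($bad -join ', ')" }
    return 'OK: forest can be raised to Windows Server 2003'
}

# Constructed inventory (hypothetical domain names), not data from the page.
$inventory = @{ 'corp.example' = '2003', '2003', '2000'; 'lab.corp.example' = @('2003') }
$current = Get-DomainLevelName -BehaviorVersion 0 -NtMixedDomain 1
Test-DomainRaise -Current $current -Target 'Windows 2000 native' -DcOs $inventory['corp.example']
Test-DomainRaise -Current $current -Target 'Windows Server 2003' -DcOs $inventory['corp.example']
Test-ForestRaise -DcOsByDomain $inventory
```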

Approaches for Raising Functional Levels


You can use one of the following approaches to move from Windows 2000 mixed and Windows
2000 native functional levels to the Windows Server 2003 functional level for the entire forest.
These are:

• Windows 2000 native route: This approach involves raising the domain functional level
  to Windows 2000 native, and then raising the forest functional level to Windows Server 2003.
• Windows Server 2003 route: This approach involves raising the domain functional level
  to Windows 2000 native, and then to the Windows Server 2003 functional level. The forest
  functional level has to lastly be changed to Windows Server 2003.
