• Windows Server

When you create an Active Directory infrastructure, you have the option of choosing a functional level for the forest and for the domain.
If all your servers use the same version of Windows Server, you will necessarily choose the latest version available to benefit from all the features offered by your version of Windows Server.

In this article, you will find a quick summary of the different features that have appeared in each version of Windows Server for the forest and the domain functional level.

  1. Windows Server 2003 functional level
    1. Forest functional level on Windows Server 2003
    2. Domain functional level on Windows Server 2003
  2. Windows Server 2008 functional level
    1. Forest functional level on Windows Server 2008
    2. Domain functional level on Windows Server 2008
  3. Windows Server 2008 R2 functional level
    1. Forest functional level on Windows Server 2008 R2
    2. Domain functional level on Windows Server 2008 R2
  4. Windows Server 2012 functional level
    1. Forest functional level on Windows Server 2012
    2. Domain functional level on Windows Server 2012
  5. Windows Server 2012 R2 functional level
    1. Forest functional level on Windows Server 2012 R2
    2. Domain functional level on Windows Server 2012 R2
  6. Windows Server 2016 functional level
    1. Forest functional level on Windows Server 2016
    2. Domain functional level on Windows Server 2016

1. Windows Server 2003 functional level

1.1. Forest functional level on Windows Server 2003

Windows Server 2003 brings many new features to the forest, including :

  • forest approvals : what is interesting when 2 companies merge, for example
  • the ability to change the domain of a domain controller
  • replication of linked values : this allows the replication of only modified links and not complete objects. For example, if you change the members of a group, only those links will be replicated, not the entire group object.
  • the ability to deploy a read-only domain controller (RODC)
  • and more

1.2. Domain functional level on Windows Server 2003

Windows Server 2003 brings new features to the domain, including :

  • the "Netdom.exe" tool which allows you to manage a domain and rename domain controllers if you wish
  • the addition of a new "lastLogonTimestamp" attribute which corresponds to the time when the user logged in for the last time.
    Note that this attribute is replicated only at the same domain level.
  • the possibility of redirecting the creation of new computers and users to the desired containers rather than using the original "CN=Computers" and "CN=Users" containers.
  • the possibility of creating delegations of control
  • the appearance of selective authentication to choose which users and groups in a forest can authenticate for the resources of the remote forest
  • and more

2. Windows Server 2008 functional level

2.1. Forest functional level on Windows Server 2008

Windows Server 2008 doesn't add any new feature to the forest functional level.

2.2. Domain functional level on Windows Server 2008

Windows Server 2008 brings new features to the domain, including :

  • the DFS replication support for the SYSVOL folder instead of FRS which was previously used and which is deprecated since version 2012 R2
  • the AES 128 and AES 256 support for the Kerberos protocol
  • the ability to deploy personal virtual desktops
  • and more

3. Windows Server 2008 R2 functional level

3.1. Forest functional level on Windows Server 2008 R2

Windows Server 2008 R2 brings only one new feature to the forest :

  • Active Directory Recycle Bin : this allows you to restore deleted Active Directory objects without losing the links they potentially had with other Active Directory objects.

3.2. Domain functional level on Windows Server 2008 R2

Windows Server 2008 R2 brings new features to the domain, including :

  • possibility of knowing the type of logon used (username/password or smart card)
  • and more

4. Windows Server 2012 functional level

4.1. Forest functional level on Windows Server 2012

Windows Server 2012 doesn't add any new feature for the forest functional level.

4.2. Domain functional level on Windows Server 2012

Windows Server 2012 brings new feature for the domain :

  • the Key Distribution Center (KDC) support for authentication, claims and policy administrative templates

5. Windows Server 2012 R2 functional level

5.1. Forest functional level on Windows Server 2012 R2

Windows Server 2012 R2 doesn't add any new feature for the forest functional level.

5.2. Domain functional level on Windows Server 2012 R2

Windows Server 2012 R2 brings new features for the domain :

  • protection of domain controllers for protected users
  • the appearance of authentication policies
  • the appearance of authentication policies silos

6. Windows Server 2016 functional level

6.1. Forest functional level on Windows Server 2016

Windows Server 2016 brings a new feature for the forest :

  • the Privileged Access Management (PAM)

6.2. Domain functional level on Windows Server 2016

Windows Server 2016 brings new features for the domain :

  • 2 new features related to NTLM
  • Kerberos clients using PKInit get an updated Public Key Identity Security Identifier (SID)

For detailed information about the new features available for each forest or domain functional level, see the Microsoft site : Forest and Domain Functional Levels

To see also

Comments

You must be logged in to post a comment

Share your opinion

Pinned content

Contact

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.

Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.