Active Directory Functional Levels

Windows 2000 Active Directory domains can run in one of two modes: mixed and native. Mixed mode provides support for Windows NT backup domain controllers (BDCs) while preventing the use of certain NT-incompatible Active Directory features, such as universal security groups. Windows Server 2003 takes the concept of modes a step further, and it renames them functional levels .

Similar to Windows 2000 Active Directory modes, functional levels enable Active Directory to remain compatible with older versions of Windows while preventing the use of certain features that would compromise backward-compatibility. Every Windows Server 2003 Active Directory domain starts in the Windows 2000 mixed functional level, which is identical in functionality to the Windows 2000 mixed mode. Domain functional levels include

  • Windows 2000 mixed ” In this mode, you can have Windows NT, Windows Server 2003, and Windows 2000 domain controllers.

  • Windows 2000 native ” In this mode, you can have only Windows 2000 and Windows Server 2003 domain controllers.

  • Windows Server 2003 ” In this mode, you can have only Windows 2003 domain controllers.

Note

If you upgrade from a Windows 2000 domain that's in native mode, Windows Server 2003 Active Directory starts in the Windows 2000 native functional level.

Because Windows Server 2003 also introduces new forest-wide functionality to Active Directory, forests have their own functional levels, as follows :

  • Windows 2000 ” This mode supports a forest containing Windows 2000 or Windows Server 2003 domains running at any domain functional level.

  • Windows Server 2003 ” This mode supports only Windows Server 2003 domains running in the Windows Server 2003 domain functional level.

Various features and functionality are available only in the higher-end functional levels. All the features that are available only to Windows 2000 domains running in native mode are available only if a Windows Server 2003 domain is in the Windows 2000 native functional level or a higher functional level. Of the new Windows Server 2003 features discussed in this chapter, the following have functional level restrictions:

  • Domain controller rename requires the Windows Server 2003 domain functional level.

  • Domain rename and restructure requires the Windows Server 2003 forest functional level.

  • Schema class and attribute deactivation requires the Windows Server 2003 forest functional level.

  • The Update Logon Timestamp feature requires the Windows Server 2003 domain functional level.

  • Cross-forest trusts and authentication require the Windows Server 2003 forest functional level.

  • Global catalog (GC) replication improvements require the Windows Server 2003 forest functional level.

Assuming your domain meets the requirements for upgrading, you can raise its functional level. However, Windows Server 2003 doesn't allow you to raise the functional level of any domain that contains domain controllers that would be incompatible with the new level. To raise the domain functional level, open Active Directory Domains and Trusts. Then, right-click the domain and select Raise Functional Level from the pop-up menu. You'll see the dialog box shown in Figure 5.1, which enables you to select a new functional level.

Figure 5.1. This dialog box shows the current functional level and allows you to select a new one.

graphics/05fig01.jpg

Caution

Raising the domain functional level is a one-time operation that cannot be reversed . So, be sure you're serious about raising the level before you take this step.

You can also use Active Directory domains and trusts to raise the forest's functional level. Notice in Figure 5.2 that Windows Server 2003 won't allow you to raise the forest functional level if all the domains in the forest aren't at the proper functional levels themselves . This prevents you from raising the forest to a functional level that would be incompatible with one or more domains.

Figure 5.2. This dialog box displays a warning, rather than allowing you to raise the forest functional level.

graphics/05fig02.jpg

Throughout the rest of this chapter, we'll call your attention to features that require a Windows Server 2003 domain or forest functional level.

graphics/web_icon.gif

To see which domain features are limited by the Windows 2000 mixed and native functional levels, log on to www.samspublishing.com and enter this book's ISBN number (no hyphens or parenthesis) in the Search field; then click the book cover image to access the book details page. Click the Web Resources link in the More Information section and locate article ID# A010501 .




Microsoft Windows Server 2003 Delta Guide
Microsoft Windows Server 2003 Delta Guide (2nd Edition)
ISBN: 0672326639
EAN: 2147483647
Year: 2005
Pages: 136

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net