Windows Server 2003 Functional Levels

Windows Server 2003 Functional Levels

Before doing any migration, it is important to understand the concept of functional levels in Windows Server 2003 and how these levels affect the functionality of Windows Server 2003. To understand functional levels, we will briefly review the concept of naming contexts (NCs), which will make the functionality issue easier to understand.

Windows 2000 had functional levels too, but they weren't referred to as such. These levels in Windows 2000 were called mixed mode and native mode. In Windows 2000, going to native mode basically meant that you could no longer add Windows NT Backup Domain Controllers (BDCs) to the domain. You can have Windows NT servers and Win9x, Windows NT Workstation, Windows 2000 Pro, and Windows XP clients ; you just can't add any Windows NT BDCs.

Similarly, Windows 2003 has native- and mixed-mode domains, but the words "native" and "mixed" are not used. "Native" is called "Windows 2003" and "mixed" shows up in the User interface (UI) as Windows 2000 Native or Windows 2000 Mixed. Also, the process of going to native mode in Windows Server 2003 is referred to as raising the functional level . A Windows 2003 level (native) domain allows only Windows Server 2003 DCs and no Windows 2000 or Windows NT DCs, but does allow downlevel clients and member servers.

A Review of Naming Context (NC)

Windows 2000 and Windows 2003 have three NCs, or partitions, of the AD: the configuration NC, the schema NC, and the domain NC. There is only one configuration and schema NC, but there will be a separate NC for each domain. If we have the company.com domain and it has a child domain, NA.company.com, there would be a total of four naming contexts: one each of configuration and schema NCs, the company.com NC, and the NA.company.com NC.

We call these naming contexts partitions of the AD because certain functions take place only in certain partitions. For example, an operation that modifies a user object operates within the domain NC because the user is in the domain NC and affects only DCs in that domain. This also affects security because a domain Admin has rights to make modifications in the domain NC that he or she is a member of.

Modifying the schema obviously takes place in the schema NC, while replication topology is stored in the configuration NC. That's why you have to be an Enterprise Admin to make changes to replication features such as sites or site links. These types of changes require access to the configuration NC and affects DCs across domain boundaries.

This is important to the discussion of functional levels in the next section.

Domain Functional Level

Unlike Windows 2000, you cannot switch a Windows 2003 domain to native mode if there are downlevel (Windows NT or Windows 2000) DCs in the domain. Figure 3.6 shows the result of an attempt to raise the functional level of a Windows Server 2003 domain to Windows 2003 level (native). Windows detects that one or more Windows 2000 DCs are in the domain and prohibits raising the functional level. In addition, a Save As button is available that creates a comma separated value (CSV) file listing of all DCs that are still at Windows 2000. A typical output looks like this one from the QAmericas domain at HP. One DC was upgraded to Windows 2003 and all other DCs were still at Windows 2000.

 "To update the forest functional level, the domain controllers in the forest must be  running the appropriate version of windows, and no domains in the forest can have a domain  functional level of Windows 2000 mixed or Windows Server 2003." Forest root domain name Qtest.cpqcorp.net Current forest functional level Windows 2000 The following domains include domain controllers that are running earlier versions of windows: Domain Name    Domain Controller    Version of Windows Qamericas.Qtest.cpqcorp.net    QAmericas-DC39.Qamericas.Qtest.cpqcorp.net   Windows 2000  Server 5.0 (2195) Qamericas.Qtest.cpqcorp.net    qamericas-DcJc.Qamericas.Qtest.cpqcorp.net   Windows 2000  Server 5.0 (2195) Qamericas.Qtest.cpqcorp.net    qamericas-dc10.Qamericas.Qtest.cpqcorp.net   Windows 2000  Server 5.0 (2195) Qamericas.Qtest.cpqcorp.net    QAMERICAS-DC2.Qamericas.Qtest.cpqcorp.net    Windows 2000  Server 5.0 (2195) Qamericas.Qtest.cpqcorp.net    qamericas-dc3.Qamericas.Qtest.cpqcorp.net    Windows 2000  Server 5.0 (2195) 

The page width restriction causes the "version of Windows" column to be wrapped to the next line, but you can see how this report quickly tells you which machines must be upgraded before you can raise the functional level.

By default, a Windows 2003 domain, whether it is created in a new installation or migrated from Windows 2000, is configured in Windows 2000 mixed or native mode ”depending on the mode of the Windows 2000 domain at the time of migration. Like Windows 2000, you must manually trigger the domain functionality, which you do either from the Active Directory Users and Computers or the Domains and Trusts snap-ins, as shown in Figure 3.7.

Figure 3.7. Right-click on the domain icon in either the Active Directory Users and Computers snap-in or the Domains and Trusts snap-in to get the option to Raise Domain Functional Level.

Forest Functional Level

Windows Server 2003 takes the concept of native mode one step further and introduces forest level native mode. Thus, you can raise the domain level and raise the forest level to Windows 2003 level. To raise the forest level, all DCs in all domains in the forest must be at Windows Server 2003 level or you will get a similar error to that seen when raising the domain functional level when Windows 2000 DCs are in the domain.

The forest functional level is a bit tricky to find. Open the Domains and Trusts snap-in, and right-click on the Active Directory Domains and Trusts icon, as shown in Figure 3.8. From this dialog box, you can raise the functional level to Windows Server 2003.

Figure 3.8. Raise the forest functional level.

Interim Mode

As if all of this weren't confusing enough, there is interim mode. Interim mode is a temporary mode used when doing an in-place upgrade from Windows NT to Windows Server 2003. This mode allows Windows NT to participate in a Windows 2003 native-mode domain for the purpose of migration. That is, after you upgrade the Windows NT Primary Domain Controller (PDC), you have a Windows Server 2003 native-mode domain with all your BDCs in it. If interim mode were not provided, the BDCs could not function in the domain. Note that interim mode does not allow Windows 2000 DCs. When you perform an in-place upgrade, you are allowed to set the domain to interim mode during the setup. At the conclusion of the upgrade, you can raise the functionality to Windows Server 2003. There is no way to manually specify interim mode via a snap-in.

Functional Level Interoperability

Now comes the hard part ”figuring out possible allowable DC configurations in a mixed-mode forest ”meaning you can have various combinations of Windows 2000, Windows Server 2003, and Windows NT in domains within a mixed-mode forest. Let's start by reviewing a Windows 2000 forest. This forest, illustrated in Figure 3.9, can have a Windows 2000 native-mode domain in the same forest with Windows 2000 mixed-mode domains. The mixed-mode domains can have Windows 2000 and Windows NT DCs.

Similarly, a Windows 2003 forest whose functional level has not been raised can have domains of various configurations, as shown in Figure 3.10. For instance, you can have a Windows Server 2003 native-mode domain with Windows Server 2003 DCs in all domains, a Windows 2000 native-mode domain with Windows 2000 and Windows 2003 DCs (or just Windows 2000 DCs), and a Windows 2000 mixed-mode domain with Windows 2000, Windows 2003, and Windows NT DCs ”all in the same forest.

Figure 3.11 shows that all DCs in all domains in the forest have been upgraded to Windows Server 2003, the domain functional level has been raised to Windows 2003, and the forest level has been raised to Windows 2003.

Windows Server 2003 Functionality

The functional level of the Windows Server 2003 domain and forest determines which of the Windows Server 2003 features are available and operating. Going back to our discussion earlier in this section on NCs, Windows Server 2003 features that operate within the domain NC require a Windows 2003 domain functional level. Features that operate within the configuration and schema NCs require a Windows 2003 forest functional level. Table 3.2 shows the Windows Server 2003 features available for mixed, interim, and native domain functional levels. Table 3.3 shows features available for mixed and native forest functional levels.

Table 3.2. Feature List for Windows Server 2003 Domain Functional Levels

Table 3.3. Feature List for Windows Server 2003 Forest Functional Level

Note that because DC rename is a function that modifies objects in the domain NC, only domain functional level is required. However, to get full benefit of improvements to the KCC for replication performance and Domain Rename, the forest must be raised to Windows 2003 level because the configuration details of those operations are on all DCs and thus in the configuration NC. To find out if a feature requires raising the domain or the forest functional level, determine whether its scope is in the domain, configuration, or schema NC.