Understanding Functinaol Level

Understanding Functional Levels

Functional Levels determine the features of Active Directory that are enabled in a Domain or Forest. They also control which operating system can run on domain controllers in the Domain or Forest.

Functional Levels are divided in to two categories.

A- Domain Functional Level:
Domain functional level determine which features of Active Directory are available in your domain.
There are three types of Domain functional level available in server 2008. 

A-Windows 2000 native:
    1-Provide basic features with active directory.
    2-Group nesting.
    3-Group conversation means you can convert security group in to distribution group and vice versa.

B- Windows Server 2003
    1-Provide advance attribute for active directory.
    2-Support domain controller to be renamed.
    3-Last logon timestamps that keep record your last login time.
    4-Support Selective Authentication means you can select specific user or group from trusted Domain.

C- Windows Server 2008
    Support all features supported by server 2003 plus following more.

    1-Provide fine-grain password policy separate account policies for specific user or group.
    2-Support DFS-R for SYSVOL replication Provide more detail replication of sysvol contents.
    3-Advance Encryption Service (128 and 256) for Kerberos authentication protocol

B-Forest Functional Level:
Determine what features and functions you can use in your forest, higher functional level provide more features.
There are three types of Forest Functional Level available in server 2008.

A-  Windows 2000
   1-Provide basic function of active directory.
   2-Supported Domain controller Operating systems are Windows server 2000, Server 2003, and Server 2008.

B- Windows Server 2003.
   1-Forest trust: Allow trusting between different forest.
   2-Improved KCC: Knowledge consistency checker algorithms use by site replication.
   3-Rename Domains: Now domain name can be renamed.
   4-Deactivation of attributes and classes of Schema.
   5-Supported Domain controller Operating systems are Windows Server 2003 and Server 2008.

C- Server 2008
   1-No major  feature available in Server 2008
   2-Supported Domain controller Operating systems are Windows Server 2008, 2008R2 and 2012.


Raising the Domain Functional Level:
You can raise the domain functional level after all domain controllers are running a supported version of Windows.

Raising the Forest Functional Level
1-Use the Active Directory Domains and Trusts console to raise the forest functional level.
2-Right-Click the Active Directory Domains And Trusts.
3-Choose Raise Forest Functional Level.
4-The dialog box shown in Figure enables you to choose a higher forest functional level.

To Raise the domain functional level. 
1-Open the Active Directory Domains And Trusts.
2-Right-Click the domain name.
3-Choose Raise Domain Functional Level.

4-In dialog box select a higher domain functional level.

Keep in mind once you raised functional level you can not revert back to previous functional level.