Planning and Implementing an Active Directory Infrastructure: Exam 70-294 – Part 1

Set an Active Directory Forest and Domain Functional Level

The Active Directory forest functional level and the Active Directory domain functional level enable the AD features to be available to the entire forest and domain respectively. They only differ in their scope, but the purpose is same. However, the forest functional level affects the AD schema features and the domain functional level does not. Rather, it affects only domain controller specific features.

Domain Functional Levels

Each domain functional level supports certain features. There are four domain functional levels. These functional levels are:

  • Windows 2000 Mixed: When the first Windows Server 2003 domain controller for a domain is installed, it is configured in Windows 2000 Mixed functional level by default. This is important because it allows a Windows Server 2003 domain controller to interact with Windows NT 4, Windows 2000, and Windows Server 2003 domain controllers. In this functional level the domain controller rename tool, update logon timestamp, and user password on InetOrgPerson object features are disabled.
  • Windows 2000 Native: This functional level allows a domain controller running Windows Server 2003 to interact with Windows Server 2000 and Windows Server 2003 domain controllers. The domain functional level should be raised from Windows 2000 Mixed to Windows 2000 Native when there are no Windows NT 4 domain controllers on the network. In this functional level the domain controller rename tool, update logon timestamp, and user password on InetOrgPerson object features are disabled.
  • Windows Server 2003 Interim: This functional level allows a domain controller running Windows Server 2003 to interact with Windows NT 4 and Windows Server 2003 domain controllers. It does not support Windows 2000 domain controllers. This functional level is the only available functional level when you upgrade your first Windows NT domain to a forest.
  • Windows Server 2003: This functional level allows a domain controller running Windows Server 2003 to interact with Windows Server 2003 domain controllers. The domain functional level should be raised to Windows 2003 when there are only Windows 2003 domain controllers on the network.

The domain functional level can be raised by following the below given steps:

  1. Open the Active Directory Domains and Trusts tool from the Administrative Tools in Control Panel.
  2. Right-click the domain and the select Raise Domain Functional Level option from the menu that appears, as shown in Figure 14.

Figure 14

  1. The Domain Functional Level dialog box appears.
  2. Select the desired functional level from the Available Functional Level list.
  3. Click Raise and then click OK.

Forest Functional Level

Each forest functional level supports certain features. There are three forest functional levels. These functional levels are:

  • Windows 2000: When the first Windows Server 2003 domain controller for a forest is installed, it is configured in Windows 2000 functional level by default. This is important because it allows a Windows Server 2003 domain controller to interact with Windows NT 4, Windows 2000, and Windows Server 2003 domain controllers. In this functional level all forest functional level features are disabled except Global catalog replication improvements and that too is enabled if both replication partners are running Windows Server 2003.
  • Windows Server 2003 Interim: This functional level allows a domain controller running Windows Server 2003 to interact with Windows NT 4 and Windows Server 2003 domain controllers. It does not support Windows 2000 domain controllers. This functional level is the only available functional level when you upgrade your first Windows NT domain to a forest.
  • Windows Server 2003: This functional level allows a domain controller running Windows Server 2003 to interact with Windows Server 2003 domain controllers. The forest functional level should be raised to Windows Server 2003 when there are only Windows 2003 domain controllers in the domain and all the domains have functional level set to Windows Server 2003.

The domain functional level can be raised by following the below given steps:

  1. Open the Active Directory Domains and Trusts tool from the Administrative Tools in Control Panel.
  2. Right-click the Active Directory Domains and Trusts node and the select Raise Forest Functional Level option from the menu that appears.
  3. The Forest Functional Level dialog box appears.
  4. Click Raise and then click OK.

3 Comments

  1. Ali

Leave a Reply

Your email address will not be published. Required fields are marked *