Information Technology Reference
In-Depth Information
The majority of day-to-day work in an Active Directory environment
involves managing objects in a domain. With a single-domain, single-site environment, adminis-
trators rarely need to use other tools besides Active Directory Users and Computers. However,
multidomain, multisite, and multiforest environments require maintenance and configuration of
the Active Directory infrastructure in addition to user, group, and computer objects. For exam-
ple, a Windows network that has been in operation for years often has a mix of server OSs. Your
understanding of domain and forest functional levels is critical to maintain this environment. In
addition, multiple forests or multiple trees in the same forest might require trust configuration.
A multisite network requires a solid understanding of site configuration and how domain con-
trollers at different sites replicate with one another. Finally, maintenance of operations master
roles is critical in all but the smallest networks. These topics are paramount to maintaining an
Active Directory environment and are especially important in the 70-640 certification exam.
With each release of a Windows server OS, features have been added to make the Active Directory
environment more capable and easier to manage. However, features added to a new OS release
often aren't compatible with earlier releases. Instead of requiring administrators to upgrade their
current servers before installing a new server version, Windows allows administrators to config-
ure functional levels on new domain controllers to maintain backward compatibility.
When you install the first domain controller in a forest root domain, the forest functional
level defaults to Windows 2000, and the domain functional level defaults to Windows 2000
native. These levels provide the most backward compatibility with older OSs. However, for opti-
mum operation, functional levels should be set to the highest version that domain controllers on
the network support. Be aware that domain and forest functional levels are specific to domain
controllers. Member servers and workstation computers don't have this setting and can be
domain members of domains and forests running at any functional level. The following sections
discuss the features and requirements of each forest and domain functional level.
A functional level called Windows 2000 mixed provides backward com-
patibility with Windows NT domain controllers. This functional level has
been deprecated in Windows Server 2008, and Windows NT domain con-
trollers are no longer supported in the same network as a Windows Server
2008 domain controller.
The forest functional level determines the features of Active Directory that have forest-wide
implications and which server OSs are supported on domain controllers in the forest. A
Windows Server 2008 domain controller supports the following functional levels:
• Windows 2000
• Windows Server 2003
• Windows Server 2008
The forest functional level can be raised from an earlier version to a newer version, but it
can't be changed from a newer version to an earlier version. The following sections describe the
available features and supported OSs for each functional level.
Windows 2000
The Windows 2000 forest functional level supports all the default features of
an Active Directory forest. Because Windows 2000 was the first server OS supporting Active
Directory, this functional level is considered the baseline for forest operation. Some notable features
not supported at this functional level include creating forest trusts and renaming a domain. This level
supports running Windows 2000 Server through Windows Server 2008 on domain controllers.
Windows Server 2003
The Windows Server 2003 forest functional level requires all
domain controllers in all domains to be running at least Windows Server 2003. If there's a pos-
sibility of using a Windows 2000 Server computer as a domain controller in your network, don't
raise the forest functional level to Windows Server 2003.
Search WWH ::
Custom Search