Active Directory Planning and Installation : Understanding Domain and Forest Functionality

11/29/2013 8:09:28 PM

Windows Server 2008 Active Directory uses a concept called domain and forest functionality. The functional level that you choose during the Active Directory installation determines which features your domain can use.

Windows Server 2003 and 2008 include additional forest functionality compared to Windows 2000. Forest functionality applies to all of the domains in a forest.

1. About the Domain Functional Level

Windows Server 2008 will support the following domain functional levels:

  • Windows 2000 Native

  • Windows 2003

  • Windows Server 2008

Which functional level you use depends on the domain controllers you have installed on your network. This is an important fact to remember. You can use Windows NT 4, Windows 2000 Server, and Windows 2003 member servers in the Windows Server 2008 functional level, as long as all domain controllers are running Windows Server 2008.

When you install the first domain controller in a new Windows Server 2008 forest, the domain functional level is set by default to Windows 2000 Native. Windows 2000 Native is the default setting because once a domain functional level is upgraded, it cannot be downgraded.

Table 1 shows features available in Windows 2000 Native, Windows 2003, and Windows Server 2008 domain functional levels.

Table 1. Comparing Domain Functional Levels

| Domain Functional Feature | Windows 2000 Native | Windows Server 2003 | Windows Server 2008 |
|---|---|---|---|
| Fine-grained password policies | Disabled | Disabled | Enabled |
| Read-only domain controller (RODC) | Disabled | Enabled | Enabled |
| Last interactive logon information | Disabled | Disabled | Enabled |
| Advanced Encryption Services (AES 128 and 256) support for the Kerberos protocol | Disabled | Disabled | Enabled |
| Distributed File System replication support for Sysvol | Disabled | Disabled | Enabled |
| Ability to Redirect the Users and Computers containers | Disabled | Enabled | Enabled |
| Ability to rename domain controllers | Disabled | Enabled | Enabled |
| Logon Time stamp updates | Disabled | Enabled | Enabled |
| Kerberos KDC key version numbers | Disabled | Enabled | Enabled |
| InetOrgPerson objects can have passwords | Disabled | Enabled | Enabled |
| Converts NT groups to domain local and global groups | Enabled | Enabled | Enabled |
| SID history | Enabled | Enabled | Enabled |
| Group nesting | Enabled | Enabled | Enabled |
| Universal groups | Enabled | Enabled | Enabled |

2. About Forest Functionality

Windows Server 2008 includes new forest functionality features. Forest functionality applies to all of the domains in a forest. All domains have to be upgraded to Windows Server 2008 before the forest can be upgraded to Windows Server 2008.

There are three levels of forest functionality:

  • Windows 2000—the default; supports Windows 2000, 2003, and 2008 domain controllers

  • Windows Server 2003

  • Windows Server 2008
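
The rules above, as an added PowerShell example that is not part of the original article: from a constructed inventory it reports the highest domain functional level each domain can be raised to, which Table 1 features that would enable, and the forest level available under the rule that every domain must be raised first. The domain names, the inventory, and the function names Get-OsLevel and Get-DomainReadiness are assumptions made for illustration.

```powershell
$DomainLevels = 'Windows 2000 Native', 'Windows Server 2003', 'Windows Server 2008'
$ForestLevels = 'Windows 2000', 'Windows Server 2003', 'Windows Server 2008'

# Subset of Table 1: index into $DomainLevels at which each feature becomes enabled.
$FeatureMinLevel = @{
    'Fine-grained password policies'     = 2
    'Last interactive logon information' = 2
    'AES 128/256 support for Kerberos'   = 2
    'Read-only domain controller (RODC)' = 1
    'Logon time stamp updates'           = 1
}

function Get-OsLevel([string]$OperatingSystem) {
    # Map a domain controller's OS string to the highest level that OS supports.
    switch -Regex ($OperatingSystem) {
        '2008'  { return 2 }
        '2003'  { return 1 }
        '2000'  { return 0 }
        default { throw "Unrecognized domain controller OS: $OperatingSystem" }
    }
}

function Get-DomainReadiness($Domain) {
    # The oldest domain controller caps the level; member servers do not count.
    $ceiling = [int]($Domain.DomainControllers | ForEach-Object { Get-OsLevel $_ } |
        Measure-Object -Minimum).Minimum
    $gained = $FeatureMinLevel.GetEnumerator() |
        Where-Object { $_.Value -gt $Domain.CurrentLevel -and $_.Value -le $ceiling } |
        ForEach-Object { $_.Key } | Sort-Object
    [pscustomobject]@{
        Domain         = $Domain.Name
        Current        = $DomainLevels[$Domain.CurrentLevel]
        HighestAllowed = $DomainLevels[$ceiling]
        FeaturesGained = $gained -join '; '
    }
}

# Constructed inventory (not from a real forest): CurrentLevel is an index into $DomainLevels.
$Forest = @(
    @{ Name = 'corp.example.com';  CurrentLevel = 0; DomainControllers = 'Windows Server 2008', 'Windows Server 2008' }
    @{ Name = 'plant.example.com'; CurrentLevel = 0; DomainControllers = 'Windows Server 2008', 'Windows Server 2003' }
)

# Raising a level cannot be undone, so review this report before committing to a change.
$Forest | ForEach-Object { Get-DomainReadiness $_ } | Format-List
# Following the article's rule, the forest is capped by the lowest current domain level.
$forestCeiling = [int]($Forest | ForEach-Object { $_.CurrentLevel } | Measure-Object -Minimum).Minimum
"Highest forest functional level available now: $($ForestLevels[$forestCeiling])"
```

With this inventory, corp.example.com can go to Windows Server 2008, plant.example.com is held at Windows Server 2003 by its one older domain controller, and the forest stays at Windows 2000 until both domains have been raised.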

Windows Server 2003 and 2008 have the same forest features. Some of the features are described in the following list:


Global Catalog replication enhancements

When an administrator adds a new attribute to the Global Catalog, only those changes are replicated to other global catalogs in the forest. This can significantly reduce the amount of network traffic generated by replication.


Defunct schema classes and attributes

You can never permanently remove classes and attributes from the Active Directory schema, but you can mark them as defunct so that they cannot be used. With Windows Server 2003 and 2008 forest functionality, you can redefine the defunct schema attribute so that it occupies a new role in the schema.


Forest trusts

Previously, system administrators had no easy way of granting permission on resources in different forests. Windows Server 2003 and 2008 resolve some of these difficulties by allowing trust relationships between separate Active Directory forests. Forest trusts act much like domain trusts, except that they extend to every domain in two forests. Note that all forest trusts are intransitive.


Linked value replication

Windows Server 2003 and 2008 use a concept called linked value replication. With linked value replication, only the user record that has been changed is replicated (not the entire group). This can significantly reduce network traffic associated with replication.


Renaming domains

Although the Active Directory domain structure was originally designed to be flexible, there were several limitations. Due to mergers, acquisitions, corporate reorganizations, and other business changes, you may need to rename domains. In Windows Server 2003 and 2008, you can change the DNS and NetBIOS names for any domain, as well as reposition a domain within a forest. Note that this operation is not as simple as just issuing a rename command. Instead, there's a specific process you must follow to make sure that the operation is successful. Fortunately, when you properly follow the procedure, Microsoft supports domain renaming.


Other features

Windows Server 2003 and 2008 support the following features:

  • Improved replication algorithms and dynamic auxiliary classes are designed to increase performance, scalability, and reliability.

  • Active Directory Federation Services (AD FS, also known as Trustbridge) handles federated identity management. Federated identity management is a standards-based information technology process that enables distributed identification, authentication, and authorization across organizational and platform boundaries. The AD FS solution in Windows Server 2003 (Release 2) and 2008 helps administrators address these challenges by enabling organizations to securely share a user's identity information.

  • Active Directory Application Mode (ADAM) was developed by Microsoft as part of Windows Server 2008 Active Directory for organizations that require flexible support for directory-enabled applications. ADAM, which uses the Lightweight Directory Access Protocol (LDAP), is a directory service that adds flexibility and helps organizations avoid increased infrastructure costs.

 