Tuesday, October 04, 2011

Understanding Function Levels in Windows Server 2003 Active Directory

What are the domain and forest functional levels in a Windows Server 2003-based Active Directory?

Functional levels are an extension of the mixed/native mode concept introduced in Windows 2000 to activate new Active Directory features after all the domain controllers in the domain or forest are running the Windows Server 2003 operating system.
When a computer that is running Windows Server 2003 is installed and promoted to a domain controller, new Active Directory features are activated by the Windows Server 2003 operating system over its Windows 2000 counterparts. Additional Active Directory features are available when all domain controllers in a domain or forest are running Windows Server 2003 and the administrator activates the corresponding functional level in the domain or forest.
To activate the new domain features, all domain controllers in the domain must be running Windows Server 2003. After this requirement is met, the administrator can raise the domain functional level to Windows Server 2003.

To activate new forest-wide features, all domain controllers in the forest must be running Windows Server 2003, and every domain in the forest must be at the Windows 2000 native or Windows Server 2003 domain functional level. After this requirement is met, the administrator can raise the forest functional level.

Note: Network clients can authenticate or access resources in the domain or forest without being affected by the Windows Server 2003 domain or forest functional levels. These levels only affect the way that domain controllers interact with each other.
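The prerequisites above (every domain controller on Windows Server 2003, and the domain out of Windows 2000 mixed mode before the forest level is raised) can be verified before touching Active Directory Domains and Trusts. The script below is an added, read-only example, not part of the original article; it assumes a domain-joined Windows host with ADSI available and a user who can read the directory, and it reads the rootDSE functional-level attributes, the domain's ntMixedDomain attribute and each domain controller's operatingSystemVersion.

```powershell
# Added example: read-only check of the domain/forest functional-level prerequisites.
# Assumption: runs on a domain-joined host; nothing here raises a level.
$levelNames = @{ 0 = 'Windows 2000'; 1 = 'Windows Server 2003 interim'; 2 = 'Windows Server 2003' }

$root   = [ADSI]'LDAP://RootDSE'
$domain = [ADSI]('LDAP://' + $root.Properties['defaultNamingContext'].Value)

# Windows Server 2003 domain controllers publish the current levels on rootDSE.
$domainLevel = [int]$root.Properties['domainFunctionality'].Value
$forestLevel = [int]$root.Properties['forestFunctionality'].Value
# At level 0 the domain is still either mixed or native; ntMixedDomain=1 means mixed.
$isMixed = ([int]$domain.Properties['ntMixedDomain'].Value) -eq 1

# Domain controller computer accounts carry the SERVER_TRUST_ACCOUNT flag (0x2000)
# in userAccountControl; the OID below is the LDAP bitwise-AND matching rule.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($domain)
$searcher.Filter = '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
[void]$searcher.PropertiesToLoad.AddRange([string[]]@('dNSHostName', 'operatingSystem', 'operatingSystemVersion'))

$allDcsAre2003 = $true
foreach ($r in $searcher.FindAll()) {
    $name = [string]$r.Properties['dnshostname'][0]
    $os   = [string]$r.Properties['operatingsystem'][0]
    # operatingSystemVersion looks like "5.2 (3790)" for Windows Server 2003, "5.0 (2195)" for 2000.
    $verText = if ($r.Properties['operatingsystemversion'].Count) { [string]$r.Properties['operatingsystemversion'][0] } else { '0.0' }
    $ver = [version]($verText -replace '\s.*$', '')
    $ok  = $ver -ge [version]'5.2'
    if (-not $ok) { $allDcsAre2003 = $false }
    '{0,-40} {1,-28} {2}' -f $name, $os, $(if ($ok) { 'ok' } else { 'pre-2003: blocks raising' })
}

''
$domainText = $levelNames[$domainLevel]
if ($domainLevel -eq 0) { $domainText += $(if ($isMixed) { ' mixed' } else { ' native' }) }
'Domain functional level : {0} ({1})' -f $domainLevel, $domainText
'Forest functional level : {0} ({1})' -f $forestLevel, $levelNames[$forestLevel]

if ($allDcsAre2003) { 'All domain controllers run Windows Server 2003: the domain level can be raised.' }
else                { 'At least one domain controller is pre-2003: the domain level cannot be raised yet.' }
if ($domainLevel -eq 0 -and $isMixed) {
    'This domain is in Windows 2000 mixed mode; it must be native (or Windows Server 2003) before the forest level is raised.'
}
```

Run it against each domain in the forest before raising the forest level, since that step requires every domain to pass, not just the one the script is pointed at.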

When the first Windows Server 2003–based domain controller is deployed in a domain or forest, a set of default Active Directory features becomes available. The following table summarizes the Active Directory features that are available by default on any domain controller running Windows Server 2003:
Multiple selection of user objects: Allows you to modify common attributes of multiple user objects at one time.

Drag and drop functionality: Allows you to move Active Directory objects from container to container by dragging one or more objects to a location in the domain hierarchy. You can also add objects to group membership lists by dragging one or more objects (including other group objects) to the target group.

Efficient search capabilities: Search functionality is object-oriented and provides an efficient search that minimizes network traffic associated with browsing objects.

Saved queries: Allows you to save commonly used search parameters for reuse in Active Directory Users and Computers.

Active Directory command-line tools: Allows you to run new directory service commands for administration scenarios.

InetOrgPerson class: The inetOrgPerson class has been added to the base schema as a security principal and can be used in the same manner as the user class.

Application directory partitions: Allows you to configure the replication scope for application-specific data among domain controllers. For example, you can control the replication scope of Domain Name System (DNS) zone data stored in Active Directory so that only specific domain controllers in the forest participate in DNS zone replication.

Ability to add additional domain controllers by using backup media: Reduces the time it takes to add an additional domain controller in an existing domain by using backup media.

Universal group membership caching: Prevents the need to locate a global catalog across a wide area network (WAN) when logging on by storing universal group membership information on an authenticating domain controller.

Secure Lightweight Directory Access Protocol (LDAP) traffic: Active Directory administrative tools sign and encrypt all LDAP traffic by default. Signing LDAP traffic guarantees that the packaged data comes from a known source and that it has not been tampered with.

Partial synchronization of the global catalog: Provides improved replication of the global catalog when schema changes add attributes to the global catalog partial attribute set. Only the new attributes are replicated, not the entire global catalog.

Active Directory quotas: Quotas can be specified in Active Directory to control the number of objects a user, group, or computer can own in a given directory partition. Members of the Domain Administrators and Enterprise Administrators groups are exempt from quotas.

When the first Windows Server 2003–based domain controller is deployed in a domain or forest, the domain or forest operates by default at the lowest functional level that is possible in that environment. This allows you to take advantage of the default Active Directory features while running versions of Windows earlier than Windows Server 2003.


