This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Domain functional levels
Domain functional levels

Version management

Difference between version and

At line 1 added 11 lines
!!! Overview
||Domain functional level||Available features||Supported domain controller operating systems
|Windows 2000 native|All of the default AD DS features and the following directory features are available:\\ - Universal groups for both distribution and security groups.\\ - Group nesting\\ - Group conversion, which allows conversion between security and distribution groups\\ - Security identifier (SID) history|Windows 2000\\Windows Server 2003\\Windows Server 2008
|Windows Server 2003|All the default AD DS features, all the features that are available at the Windows 2000 native domain functional level, and the following features are available:\\ - The domain management tool, Netdom.exe, which makes it possible for you to rename domain controllers\\ - Logon time stamp updates - The lastLogonTimestamp attribute is updated with the last logon time of the user or computer. This attribute is replicated within the domain.\\ - The ability to set the userPassword attribute as the effective password on inetOrgPerson and user objects\\ - The ability to redirect Users and Computers containersBy default, two well-known containers are provided for housing computer and user accounts, namely, cn=Computers,<domain root> and cn=Users,<domain root>. This feature allows the definition of a new, well-known location for these accounts.\\ - The ability for Authorization Manager to store its authorization policies in AD DS\\ - Constrained delegation - Constrained delegation makes it possible for applications to take advantage of the secure delegation of user credentials by means of Kerberos-based authentication.\\\\You can restrict delegation to specific destination services only.\\ Selective authentication- Selective authentication makes it is possible for you to specify the users and groups from a trusted forest who are allowed to authenticate to resource servers in a trusting forest.|Windows Server 2003\\Windows Server 2008
|Windows Server 2008|All of the default AD DS features, all of the features from the Windows Server 2003 domain functional level, and the following features are available:\\ - Distributed File System (DFS) replication support for the Windows Server 2003 System Volume (SYSVOL)\\-DFS replication support provides more robust and detailed replication of SYSVOL contents.\\ - Advanced Encryption Standard (AES 128 and AES 256) support for the Kerberos protocol\\ - Last Interactive Logon Information - Last Interactive Logon Information displays the following information:\\ -- The time of the last successful interactive logon for a user\\ -- The name of the workstation that the used logged on from\\ -- The number of failed logon attempts since the last logon\\ - Fine-grained password policies -- Fine-grained password policies make it possible for you to specify password and account lockout policies for users and global security groups in a domain. For more information, see Step-by-Step Guide for Fine-Grained Password and Account Lockout Policy Configuration (http://go.microsoft.com/fwlink/?LinkID=91477).|Windows Server 2008
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop