|Domain functional level||Available features||Supported domain controller operating systems|
|Windows 2000 native||All of the default AD DS features and the following directory features are available:|
- Universal groups for both distribution and security groups.
- Group nesting
- Group conversion, which allows conversion between security and distribution groups
- Security identifier (SID) history
Windows Server 2003
Windows Server 2008
|Windows Server 2003||All the default AD DS features, all the features that are available at the Windows 2000 native domain functional level, and the following features are available:|
- The domain management tool, Netdom.exe, which makes it possible for you to rename domain controllers
- Logon time stamp updates - The lastLogonTimestamp attribute is updated with the last logon time of the user or computer. This attribute is replicated within the domain.
- The ability to set the userPassword attribute as the effective password on inetOrgPerson and user objects
- The ability to redirect Users and Computers containersBy default, two well-known containers are provided for housing computer and user accounts, namely, cn=Computers,<domain root> and cn=Users,<domain root>. This feature allows the definition of a new, well-known location for these accounts.
- The ability for Authorization Manager to store its authorization policies in AD DS
- Constrained delegation - Constrained delegation makes it possible for applications to take advantage of the secure delegation of user credentials by means of Kerberos-based authentication.
\You can restrict delegation to specific destination services only.
Selective authentication- Selective authentication makes it is possible for you to specify the users and groups from a trusted forest who are allowed to authenticate to resource servers in a trusting forest.
|Windows Server 2003|
Windows Server 2008
|Windows Server 2008||All of the default AD DS features, all of the features from the Windows Server 2003 domain functional level, and the following features are available:|
- Distributed File System (DFS) replication support for the Windows Server 2003 System Volume (SYSVOL)
-DFS replication support provides more robust and detailed replication of SYSVOL contents.
- Advanced Encryption Standard (AES 128 and AES 256) support for the Kerberos protocol
- Last Interactive Logon Information - Last Interactive Logon Information displays the following information:
-- The time of the last successful interactive logon for a user
-- The name of the workstation that the used logged on from
-- The number of failed logon attempts since the last logon
- Fine-grained password policies -- Fine-grained password policies make it possible for you to specify password and account lockout policies for users and global security groups in a domain. For more information, see Step-by-Step Guide for Fine-Grained Password and Account Lockout Policy Configuration (http://go.microsoft.com/fwlink/?LinkID=91477).
|Windows Server 2008|