<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview

||Domain functional level||Available features||Supported domain controller operating systems
|Windows 2000 native|All of the default AD DS features and the following directory features are available:\\ - Universal groups for both distribution and security groups.\\ - Group nesting\\ - Group conversion, which allows conversion between security and distribution groups\\ - Security identifier (SID) history|Windows 2000\\Windows Server 2003\\Windows Server 2008
|Windows Server 2003|All the default AD DS features, all the features that are available at the Windows 2000 native domain functional level, and the following features are available:\\ - The domain management tool, Netdom.exe, which makes it possible for you to rename domain controllers\\ - Logon time stamp updates - The lastLogonTimestamp attribute is updated with the last logon time of the user or computer. This attribute is replicated within the domain.\\ - The ability to set the userPassword attribute as the effective password on inetOrgPerson and user objects\\ - The ability to redirect Users and Computers containersBy default, two well-known containers are provided for housing computer and user accounts, namely, cn=Computers,&lt;domain root&gt; and cn=Users,&lt;domain root&gt;. This feature allows the definition of a new, well-known location for these accounts.\\ - The ability for Authorization Manager to store its authorization policies in AD DS\\ - Constrained delegation - Constrained delegation makes it possible for applications to take advantage of the secure delegation of user credentials by means of Kerberos-based authentication.\\\\You can restrict delegation to specific destination services only.\\ Selective authentication- Selective authentication makes it is possible for you to specify the users and groups from a trusted forest who are allowed to authenticate to resource servers in a trusting forest.|Windows Server 2003\\Windows Server 2008
|Windows Server 2008|All of the default AD DS features, all of the features from the Windows Server 2003 domain functional level, and the following features are available:\\ - Distributed File System (DFS) replication support for the Windows Server 2003 System Volume (SYSVOL)\\-DFS replication support provides more robust and detailed replication of SYSVOL contents.\\ - Advanced Encryption Standard (AES 128 and AES 256) support for the Kerberos protocol\\ - Last Interactive Logon Information - Last Interactive Logon Information displays the following information:\\ --   The time of the last successful interactive logon for a user\\ --   The name of the workstation that the used logged on from\\ --   The number of failed logon attempts since the last logon\\ - Fine-grained password policies -- Fine-grained password policies make it possible for you to specify password and account lockout policies for users and global security groups in a domain. For more information, see Step-by-Step Guide for Fine-Grained Password and Account Lockout Policy Configuration (http://go.microsoft.com/fwlink/?LinkID=91477).|Windows Server 2008


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }] 
</pre>