With each new release of Windows Server come new sets of features related to the domain and forest functional levels in your Active Directory domain. The table below outlines the differences in domain and forest functional levels between Windows 2000, Windows 2003 and Windows 2008.

| | 2000 native | 2003 native | 2008 native |
|---|---|---|---|
| DCs allowed | W2K, W2K3, W2K8 | W2K3, W2K8 | W2K8 only |
| Domain features | Universal groups, Group nesting, Group conversions, Security identifier (SID) history | Ability to rename domain controllers via netdom.exe, Logon time stamp dates, Redirect Users and Computers, Authorization Manager policies in AD, Constrained delegation, Selective authentication | Distributed File System replication support for SYSVOL, Advanced encryption, Last Interactive Logon information, Fine-grained password policies |
| Forest features | All default AD features | Forest trust, domain rename, linked-value replication, Read-only domain controller deployment, instances of the dynamic auxiliary class named dynamicObject in a domain directory partition, convert inetOrgPerson object instance into a User object instance, create instances of new group types to support role-based authorization, deactivation and redefinition of attributes and classes in the schema | No new additional forest-level features |