With each new release of Windows Server come new sets of features related to the domain and forest functional levels in your Active Directory domain. The table below outlines the differences in domain and forest functional levels between Windows 2000, Windows 2003 and Windows 2008.
|2000 native||2003 native||2008 native|
|DCs allowed||W2K, W2K3, W2K8||W2K3, W2K8||W2K8 only|
|Domain features||Universal groups, Group nesting, Group conversions, Security identifier (SID) history||Ability to rename domain controllers via netdom.exe, Logon time stamp dates, Redirect Users and Computers, Authorization Manager policies in AD, Constrained delegation, Selective authentication||Distributed File System replication support for SYSVOL, Advanced encryption, Last Interactive Logon information, Fine-grained password policies|
|Forest features||All default AD features||Forest trust, domain rename, linked-value replication, Read-only domain controller deployment, instances of the dynamic auxiliary class named dynamicObject in a domain directory partition, convert inetOrgPerson object instance into a User object instance, create instances of new group types to support role-based authorization, deactivation and redefinition of attributes and classes in the schema||No new additional forest-level features|
Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive with CampusWorks, Inc. Scott is available for consulting, writing, and speaking engagements and can be reached at email@example.com.