UEU-co logo

ch09lev1sec5.html


Previous Page Next Page

Raising Domain Functional Levels

Windows 2000 Server introduced the concept of domain functional levels. A domain could operate in either mixed mode (running Windows NT and Windows 2000 servers) or native mode (Windows 2000 servers only). The domain functional levels for Windows Server 2003 included a new (higher) functional level for domains that only deployed domain controllers running Windows Server 2003 (the Windows Server 2003 functional level).

In the Windows Server 2008 environment are three possible functional levels: Windows 2000, Windows Server 2003, and Windows Server 2008. The Windows 2000 functional level enables you to run domain controllers that use Windows 2000 Server, Windows Server 2003, and Windows Server 2008. The Windows 2003 functional level allows only servers running Windows Server 2003 and Windows Server 2008. The Windows Server 2008 functional level allows only domain controllers that are running Windows Server 2008.

The functional level that you select also affects the type of groups that are supported. For example, the Windows 2000 functional level provides an environment that supports universal groups in the Active Directory.

In the Windows Server 2003 functional level mode, you can fully nest groups and you can also rename domain controllers. This functional level also enables you to continue to use servers running Windows Server 2003 in the domain along with servers that are running Windows Server 2008.

The Windows Server 2008 function level provides new groups related to new features provided by the 2008 network platform. For example, because Windows Server 2008 allows you to deploy read-only domain controllers, groups have been added to the User folder that can be used to either allow or deny the replication of group member passwords to read-only domain controllers on the network. There is even a new universal security group for read-only domain controllers named Enterprise Read-Only Domain Controllers.

By the Way

The Windows Server 2003 and Windows Server 2008 functional levels include the capability to change security groups from one domain to another.

Forest functional levels can be raised and the options available to you in terms of raising the functional level depend on the functional level that you set when you installed Active Directory Domain Services and brought the domain controller online. For example, if you selected the Windows 2000 functional level when you created your forest, you can raise the functional level to either Windows Server 2003 or Windows Server 2008. If you selected Windows Server 2003 as your functional level, you can raise it to Windows Server 2008.

Be advised that raising the domain or forest functional level is a one-way process. After you raise the functional level, you cannot change it and go back. Raising the root domain functional level of any tree in a forest also raises the functional level of all the child domains in the tree.

By the Way

Remember that the functional level determines what version (or versions) of the Windows Server operating system you can run in the domain on domain controllers. It also determines the default groups and types of groups that you can take advantage of.

To raise the domain functional level, follow these steps:

1. In the Active Directory Users and Computers snap-in (click Start, Administrative Tools, and then Active Directory Users and Computers, or access the snap-in in the Server Manager node tree), right-click Active Directory Users and Computers. Point at All Tasks on the shortcut menu that appears and then Raise Domain Functional Level. The Raise domain functional level dialog box opens (see Figure 9.5).

Figure 9.5. Raising the domain functional level.

2. Click the Select an Available Domain Functional Level drop-down list. Select either Windows Server 2003 or Windows Server 2008 (if you were at the Windows 2000 functional level). If you were already at the Windows Server 2003 functional level, select Windows Server 2008. Then click the Raise button.

3. A message box appears letting you know that you cannot reverse this action. Click OK to complete the process.

4. A message appears letting you know that the functional level was raised. The new functional level is replicated to the domain controllers in your domain. Click OK. You can close the Active Directory Users and Computers snap-in if you want.

Previous Page Next Page

Leave a Reply


Time limit is exhausted. Please reload the CAPTCHA.

Categories

apply_now Pepperstone Group Limited