1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Windows Domain functional levels..

Discussion in 'Windows Server 2003 / 2008 / 2012 / 2016' started by spacer_07, Feb 5, 2008.

  1. spacer_07

    spacer_07 New Member

    Hey guys, would really appreciate a hand here as im stumped with this topic.. ok so in a nutshell, what are the differences between the following:

    Windows 2000 Mixed
    Windows 2000 Native
    Windows server 2003 interim
    Windows server 2003 domain functional level

    Each one has it's limitations to the scope of security/distribution groups however im simply failing to see why this is. Please allow me to quote (Im studying for MCSE)

    My questions:

    1) When it states for example: 'for supporting Windows nt4...domain controllers' what does it mean? As far as im aware, the domain controller is set up on whatever operating system you like.. what exactly does it mean when it states 'supporting it'.
    2) If Windows 2000 mixed supports Nt 4, windows 2000 and windows server 2003, what is the point in having Windows 2000 native? It supports the same as Windows mixed (just one less)

    Sorry.. i just cant get my head around this one for some reason. Thanks in advance guys.


    Thread moved from t&d forum. Boyce
  2. Modey

    Modey Terabyte Poster

    Sorry to sound harsh (and probably unhelpful) but if you don't understand the difference between the different domain functional levels then you probably shouldn't be stuying for the MCSE in the first place. If you had the recommended pre-requisite experience for an MCSE you would know this stuff already as you would have worked in a large multi site multi domain network environment already.
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  3. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    This provides a good, clear understanding.

    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  4. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    Meaning, those domain controllers can be used together in a domain.

    Yes, just one less... which will add increased functionality to your domain... functionality that NT 4 can't handle. That's the reason for ANY of the functional levels.
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  5. JonesNW

    JonesNW New Member

    Think the first response you had there was a bit harsh, we all have to start somewhere and it takes time for some things to 'sink in'.

    I found using test software like Transcender really helped me with this kind of thing. IO recently sat the Designing Active Directory exam which featured lots of domain level related questions, and the Transcenders are the closest to the actual exam experience I've found as yet.

    Having these questions in front of you and reviewing the explanation will probably help, did for me anyway!

    Certain functional levels enable advanced features and ease cross-forest/Domain administration. The Technet link in one of the previous should help, when i'm on my own PC later I’ll try and find a few links to an alternative website I found that had a great explanation on it.

    Hope that’s Helpful in some way!
    Certifications: A+,Server+, Network+, SEcurity +, MCSE
    WIP: CCNA, Server 2008 Enterprise admin
  6. zebulebu

    zebulebu Terabyte Poster

    I agree, the first response from Modey probably did come across as a bit harsh, but the sentiment he expressed was well-intentioned enough.

    I think what he was getting at is that the question was, to be honest, a pretty basic one and if the OP didn't know the answer to it they were studying material that was too advanced for their current knowledge. Windows Domain functional levels are something that you would learn within a week of actually being 'on the job' as a Sys Admin (or similar type role). Its like learning what the different RAID configs are as a server admin, or what NAT is as a security admin.

    It's a pretty safe bet that the OP doesn't work in a role which requires immediate hands-on management of Active Directory. What Modey probably meant was that they didn't have much chance of either passing the exam or passing it without dumping their way through it - either way they wouldn't be much use when the domain went tits up and they had to fix it!

    Don't take it the wrong way, most of us on here just want people to be realistic about their chances of passing their certs - rather than just listening to the bullshit of the tech schools :biggrin
    Certifications: A few
    WIP: None - f*** 'em
  7. dennydd

    dennydd New Member

    Explaination from http://www.infotechguyz.com/server2008/domainfunctionallevel.html

    Windows Server 2003 domain functional level features

    - Domain rename capability
    Windows Server 2003 functional level supports rename of Active Directory domain.

    - Cross-forest transitive trusts
    Windows Server 2003 functional level supports transitive trusts between two or more Active Directory forests.

    - Universal group caching
    Windows Server 2003 functional level supports Universal group caching which eliminate the need for local global catalog server

    - Intersite topology generator (ISTG) improvements
    More efficient ISTG algorithm allows support for extremely large numbers of sites.

    - Multivalued attribute replication improvements
    This allows incremental membership changes.

    - Lingering objects (zombies) detection
    Windows Server 2003 ability to detect zombies, or lingering objects.

    - AD-integrated DNS zones in application partitions
    This allows storing of DNS data in AD application partition for more efficient replication.

    Windows Server 2008 domain functional level features

    - Fine-grained password policies
    Allows multiple password polices to be applied to different users in the same domain.

    - Read-Only Domain Controllers
    Allows implementation of domain controllers that only host read-only copy of NTDS database.

    - Granular auditing
    Allows history of object changes in Active Directory.

    - Distributed File System Replication (DFSR)
    Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

Share This Page