If you are like many companies, you have moved to Microsoft Active Directory to take advantage of special features and capabilities over Windows NT domains. Examples of these special powers include extensible database, multi-mater domain controllers, and automatic two-way transitive trusts. These are benefits that Windows 2000 Active Directory domains provide. There are even more benefits that moving to Windows Server 2003 provide, such as special domain and forest levels that add even more features to your Active Directory implementation.
Domain Functional Levels
If you already have Windows 2000 Active Directory, you are most likely very familiar with the concept of domain modes. Just to review the modes that you had available, you had two to choose from:
* Mixed mode (default) – This mode allows for both Windows 2000 domain controllers and Windows NT domain controllers.
* Native mode – This mode only allows for Windows 2000 domain controllers and provides additional features such as group nesting and full directory service functionality.
Once you move to Windows Server 2003 you have additional modes to choose from. Some of the modes are similar to the Windows 2000 options, but others are new to gain the benefits of Windows Server 2003 domain controllers. There are a total of four domain mode options for Windows Server 2003 Active Directory domains.
* Windows 2000 mixed (default) – In almost every
* Windows 2000 native – This level is almost identical to the Windows 2000 native mode, but it allows for Windows Server 2003 domain controllers to be included in the domain.
* Windows Server 2003 Interim – This level is designed to go from Windows NT domains to Windows Server 2003 domains, bypassing Windows 2000 Server domain controllers. This domain does not allow for Windows 2000 domain controllers.
* Windows Server 2003 domain – This is the top level, only allowing Windows Server 2003 domain controllers and provides full features and functionality that Windows Server 2003 Active Directory provides.
Forest Functional Levels
Once you have Windows Server 2003 domain controllers in the domain, you have to also choose the forest functional level. When you are presented with the forest functional levels, you will have three to choose from.
* Windows 2000 (default) – This forest level is really nothing more than what you had by default with on Windows 2000 domain controllers. This is the default forest level and provides basic forest features and functionality.
* Windows Server 2003 Interim – This forest level is used in conjunction with the Windows Server 2003 Interim domain level. This means that you can only have Windows Server 2003 and Windows NT domain controllers. You do gain benefits of improved replication and new attributes included in the global catalog.
* Windows Server 2003 – This forest level is the top level, providing full features and functionality such as forest level trusts. This level only allows for Windows Server 2003 domain controllers in all domains in the forest. This forest level also requires that all domains in the forest are Windows Server 2003 domain level.
Which functional level is best for your organization?
Here are some guidelines to help you choose the domain and forest functional level that is ideal for your company.
* Windows 2000 mixed – This is a common level for companies that still have Windows NT domain controllers. Not as common as it once was, especially since Microsoft is reducing the support for Windows NT at the end of 2004.
* Windows 2000 native – If you moved to Active Directory with Windows 2000, you are most likely still at this level. This is typically only for companies that are moving from Windows NT to Windows 2000 Active Directory.
* Windows Server 2003 Interim – With Windows Server 2003 proven to be a stable operating system, this is the level of choice for those companies making the move to Active Directory at this time. There is no reason to include Windows 2000 domain controllers.
* Windows Server 2003 – A great choice for small organizations or companies looking to merge Active Directory forests together. A limiting factor to this level is that all domain controllers in every domain in the entire forest must be running Windows Server 2003.
There are many choices for choosing the functional levels for both Windows 2000 and Windows
Server 2003 Active Directory domains and forests. The decisions require you to know where you are
with Windows versions and where you will be with Windows versions. If you can determine your needs
for versioning, these guidelines above will help you choose which functional level is best for
This was first published in December 2004