Word of the Day: Active Directory functional levels

Word of the Day Daily updates on the latest technology terms |June 19, 2018

Active Directory functional levels Active Directory functional levels are controls that specify which advanced Active Directory domain features can be used in an enterprise domain. The enterprise domain is usually comprised of domain controller that run on different versions of the Windows Server operating system. Administrators use Active Directory (AD) to manage users, groups and devices in a domain, but AD features are not backward-compatible with AD domain controllers on earlier versions of Windows Server. In a domain with domain controllers that operate on different Windows Server versions, the Active Directory functional level is limited to the features available on the AD domain controller that uses the earliest version of Windows Server. For example, a domain can include domain controllers that run both Windows Server 2008 R2 and Windows Server 2012 R2, but the Active Directory features and functionality in the Windows Server 2012 R2 domain controller would not be available because the domain's Active Directory functional level would prevent it. Active Directory features must be supported by all domain controllers otherwise those features cannot be used. Administrators can use Active Directory functional levels to restrict which domain controllers can participate in the domain. For example, an administrator can ensure minimum functionality by configuring a domain to run at a Windows Server 2012 R2 functional level; domain controllers that run on earlier Windows Server versions will not be accepted on the domain. Active Directory functional levels can also apply to higher-level forests composed of multiple domains, but the forest functional level is the maximum limiting attribute. A domain within a forest can operate at a higher functional level than a forest, but no domain can operate at a functional level lower than the forest. For example, a forest configured for a Windows Server 2012 R2 functional level allows domains beneath it to use a Windows Server 2012 R2 functional level, but administrators can configure domain within the forest to use a higher functional level, such as Windows Server 2016. Once an Active Directory functional level is raised, it may be difficult -- or impossible -- to roll back without rebuilding the domain or restoring it from a backup. For example, functional level increases in versions of Windows Server earlier than 2008 R2 cannot be rolled back; the administrator must rebuild or restore the domain. For versions of Windows Server 2008 R2 and later, the administrator can usually roll back the functional level with PowerShell cmdlets if the domain's functional level is higher than the forest's functional level. For example, if the domain operates at Windows Server 2012 R2 and the forest operates at Windows Server 2008, the administrator can opt to roll back the domain to Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008. However, if both the domain and forest operate at the same functional level, there are no rollback options for the domain. Quote of the Day "In a multi-domain environment, nesting is unavoidable. Stick to single domain topologies when possible." - Tim Warner Trending Terms Active Directory domain domain controller Active Directory forest Active Directory Certificate Services Microsoft ADMT RODC   Learning Center Organize Active Directory with these strategies Find the best way to organize Active Directory groups with these pointers to reduce the administrative workload. Do Active Directory functional levels still matter? Active Directory functional levels help ensure a certain degree of functionality is retained when different versions of Windows are running on multiple domain controllers. The top Active Directory tools and techniques for backup and restore There are many Active Directory tools to ensure backups and restorations of this critical component to your organization. DCs at sea: Configuring mobile Active Directory domain infrastructures Working with mobile Windows domains can complicate things, but admins should remember that basic Active Directory principles apply to both mobile and fixed domains. Monitor Active Directory replication via PowerShell Monitor Active Directory replication with help from a PowerShell script to avoid an avalanche of issues when domain controller synchronization fails. Writing for Business _______ Active Directory enables single sign-on capabilities for Microsoft apps, such as Office 365 and Dynamics CRM. A. In addition, B. In addition Answer   Stay In Touch For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com   Visit the Word of the Day Archives and catch up on what you've missed!   FOLLOW US About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.