Domain Functional Levels – What you Get

Windows 2000 Native:

– Universal Groups

– Group Nesting

– Group Conversion between security and distribution

– SID HIstory

Windows 2003:

– Rename domain controllers (NETDOM.exe)

– LastLogonTime attribute is replicated

– UserPassword attribute can be set as effective password on InetOrgPerson and User

– redirection of users and computers containers (redir)

– AZMAN policies in AD

– Kerberos constrained delegation

Windows 2008:


– AES 128 and 256 for Kerberos

– Last interactive logon information

– Fine Grained password policies

– Personal Virtual Desktops

Windows 2008 R2

– Authentication Mechanism Assurance (not who is logging in, but how eg: smartcard.)

– Automated SPN management for Managed Service Accounts

Comments (0)

Skip to main content