Domain Functional Levels - What you Get

Windows 2000 Native:

- Universal Groups

- Group Nesting

- Group Conversion between security and distribution

- SID History

Windows 2003:

- Rename domain controllers (NETDOM.exe)

- LastLogonTime attribute is replicated

- UserPassword attribute can be set as effective password on InetOrgPerson and User

- Redirection of users and computers containers (redir)

- AZMAN policies in AD

- Kerberos constrained delegation

Windows 2008:

- DFSR for SYSVOL

- AES 128 and 256 for Kerberos

- Last interactive logon information

- Fine-grained password policies

- Personal Virtual Desktops

Windows 2008 R2:

- Authentication Mechanism Assurance (not who is logging in, but how, e.g. smartcard)

- Automated SPN management for Managed Service Accounts