Raise Function Levels in Windows Server 2003
The purpose of this page is to explain how the terms ‘Mixed and Native mode’ apply in Windows Server 2003. Actually the terms mixed and native have been superseded by ‘Raise Function Level’. I will also point out some of the benefits to switching the the higher levels.
There are two separate aspects of Raise Function Level to be aware of. One aspect is the domain and the other is the forest. The key to understanding the concepts is to pay careful attention to these four words, domain, forest, 2000 and2003.
Firstly, a Windows Server 2003 domain can have a mixture of domain controllers: NT 4.0 BDCs, Windows 2000 DCs and naturally, Window Server 2003 DCs. (DC = Domain Controller)
Secondly, the forest may have all domains at the pure Window Server 2003 level. Alternatively, a forest can have domains running Window 2000 mixed or 2000 native domains.
Domain Function Levels – (Mixed and Native)
There are now four domain ‘Levels’ that a Windows Server 2003 can operate in. Whilst it is easy to understand what each level means, it takes time to learn Microsoft’s terminology.
Windows Server 2003. All Server 2003, no other domain controllers. However, even in this level, the whole range of clients and member servers can still join the domain.
Windows Server 2003 Interim. NT4.0 servers and Window Server 2003 (no Windows 2000). This level arises when you upgrade an NT 4.0 PDC to Server 2003. Interim mode is important where you have NT 4.0 groups with more than 5000 members. Windows 2000 does no allow you to create groups with more than 5000 users.
Windows 2000 Native. (Yes Windows 2000 native) allows Windows 2000 and 2003 servers (no NT 4.0).
Windows 2000 Mixed. (Yes Windows 2000 mixed) allows NT 4.0 BDCs and Window 2000. Naturally Windows 2000 mixed is the default function level because it supports all types of domain controllers.
Guy Recommends: A Free Trial of the Network Performance Monitor (NPM)
v12
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
Perhaps the NPM’s best feature is the way it suggests solutions to network problems. Its second best feature is the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you give this Network Performance Monitor a try.
Download your free trial of SolarWinds Network Performance Monitor.
Key Term – Raise Domain Functional Level
Windows 2000 mixed mode means that there is at least one NT 4.0 BDC somewhere in the Forest. To make the switch right-click the Domain object in Active Directory Users and Computers and select: Raise Domain Functional Level. Here is the menu you see:
5 Features Available in Windows 2000 native Level
While Windows Server 2003 mode is the ultimate goal, there are new benefits of deploying Windows Server 2003 in mixed mode (Windows 2000 native).
- Select multiple user objects. Modify attributes of lots of user all in one go. This feature actually works like NT 4.0’s User Manger. For a variety of reasons, multiple selection was not availably in W2K which made it tedious to change several users home directory in one operation.
- Drag-and-drop ability.
One irritation of W2K is that you cannot drag and drop users and computers between OUs. This has been corrected in the latest Active Directory.- Save your queries.
Tip save search queries that you use often in Active Directory Users and Computers, it saves time when you have to repeat the query later.- Application directory partitions.
Useful for controlling the replication scope for DNS (Domain Name System) data stored in Active Directory so that only specific domain controllers in the forest replicate DNS zone information.- Universal group membership cached.
Avoid the need to locate a global catalog across a WAN link during logons by storing user universal group memberships on an authenticating domain controller.
6 Features Available in Windows Server 2003 Level
A reminder that this highest level means all domain controllers are running Windows Server 2003 (No NT 4.0 BDCs or Windows 2000 DCs).
- Domain rename. Rename any domain in the Windows Server 2003 forest. Now you can change the DNS name or NetBIOS name of any child domain or even the forest root domain.
- Domain controller rename tool. Rename domain controllers without having to run DCPROMO and demote them.
- Forest trusts. Create a two way transitive trust to join two forests. Very useful for amalgamating companies.
- Replication enhancements. Unnecessary traffic was created in W2K when you added one member to a group; it resulted in the whole group membership being replicated. Linked value replication allows individual users to be replicated instead of replicating the entire group membership.
- Global catalog replication. Similar to the above, less traffic is replicated when changes are made to the Global catalog
- Defunct schema objects. Deactivate classes or attributes from the schema which you know you will never use.
Guy Recommends: Permissions Analyzer – Free Active Directory Tool
I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource. Give this permissions monitor a try – it’s free!
Download Permissions Analyser – Free Active Directory Tool
Three Forest Levels
All domains at Windows Server 2003 level
At least one domain at Windows Server 2003 Interim, meaning some NT 4.0 domain controllers
Windows 2000 level (default) mixture of NT 4.0, Windows 2000 levels
Key extra features of a forest at Windows Server 2003 level
Cross forest trusts
Domain Rename
(There are more advantages for schema developers)
