1
00:00:07,000 --> 00:00:14,830
Let's take a look at the different aid it is the main functional levels and consider the advantages

2
00:00:14,920 --> 00:00:19,080
of agreed and to the highest possible level.

3
00:00:19,150 --> 00:00:26,410
As you might know many businesses are still Iran and they are aided as demands at the lowest functional

4
00:00:26,410 --> 00:00:28,570
level than they could.

5
00:00:28,570 --> 00:00:35,740
For example it is not unusual to find that an organization is running 80 days demands in Windows Server

6
00:00:35,740 --> 00:00:45,130
2003 mode when all of the aid it is domain controllers are running Windows Server 2012 or newer.

7
00:00:45,160 --> 00:00:50,680
So again aid it is demand can run a different functional levels generally.

8
00:00:50,740 --> 00:00:58,540
Upgrading the demand to a higher functional level introduces additional features lets at least some

9
00:00:58,540 --> 00:01:02,020
of the domain functional levels and their features.

10
00:01:02,020 --> 00:01:08,440
The first one out of the very old one is Windows 2000 Server native.

11
00:01:08,500 --> 00:01:17,500
It includes such feature offsets universal groups group nest and group conversion from security to distribution

12
00:01:17,500 --> 00:01:24,430
or vice versa and security identifier history or seed history.

13
00:01:24,700 --> 00:01:32,510
Please know that you can not install Windows Server 2016 domain controllers in a domain that is running

14
00:01:32,890 --> 00:01:38,350
at the Windows Server at Windows 2000 Server native level.

15
00:01:38,470 --> 00:01:42,590
The next functional level is Windows Server 2003.

16
00:01:42,700 --> 00:01:49,960
It includes such feature sets not dom that exceed these demand management tool makes it possible to

17
00:01:49,960 --> 00:01:51,770
rename domain controller.

18
00:01:51,880 --> 00:02:00,460
Last log on timestamp this attribute remembers the time of the last domain sign in for users and replicate

19
00:02:00,520 --> 00:02:10,090
this to other 80 days domain controllers in the 80 days domain iiNet or do Person object support this

20
00:02:10,180 --> 00:02:19,870
iiNet or a rigid person object is defined in Internet Archive see twenty seven ninety eight and is used

21
00:02:19,870 --> 00:02:26,230
for for duration with X terminal directories services redirection.

22
00:02:26,260 --> 00:02:33,550
This feature provides you the ability to redirect the default location for a user and computer object

23
00:02:33,700 --> 00:02:35,900
constrained delegation.

24
00:02:35,920 --> 00:02:44,290
This feature enables applications to take advantage of the security delegation of user credentials by

25
00:02:44,290 --> 00:02:49,720
using Burrus based authentication selective authentication.

26
00:02:49,720 --> 00:02:58,150
This feature allows you to specify the users and groups that are allowed to authenticate to special

27
00:02:58,450 --> 00:03:05,870
or specific resource servers in a trusted forest and application partitions.

28
00:03:05,890 --> 00:03:13,390
These are used to store information for active directory integrated applications Active Directory integrated

29
00:03:13,390 --> 00:03:22,060
DNS users and application partition which allows for the DNS partition to replicate on domain controllers

30
00:03:22,330 --> 00:03:28,150
that are also DNS servers in the domain or even across the forest.

31
00:03:28,210 --> 00:03:36,910
The next functional level is Windows Server 2008 and it includes such feature or sets distributed file

32
00:03:36,910 --> 00:03:43,640
system or DFS additional interactive log on information.

33
00:03:43,690 --> 00:03:49,540
Fine grained ID password settings and personal virtual desktops.

34
00:03:49,540 --> 00:03:58,810
It also includes advanced encryption standard and roadies CS so distributed file system or DFS application

35
00:03:58,840 --> 00:04:06,930
it is available as a more efficient and robust file replication mechanism than the file replication

36
00:04:06,940 --> 00:04:12,040
service or FRC was used for the CIS while folders.

37
00:04:12,040 --> 00:04:20,240
Additional interactive log on information is stored for each user instead of just the last local log

38
00:04:20,250 --> 00:04:21,070
on time.

39
00:04:21,100 --> 00:04:28,990
Fine grained ID password sadness allow password and account lock out policies to be set for users and

40
00:04:28,990 --> 00:04:32,530
groups replace replacing the default domain sentence.

41
00:04:32,530 --> 00:04:40,660
For those users or group members personal virtual desktops are available for users to connect to by

42
00:04:40,820 --> 00:04:44,910
using Remote app and remote desktop.

43
00:04:44,980 --> 00:04:53,140
Advanced encryption standards support for Burris authentication is available and the last feature of

44
00:04:53,140 --> 00:05:00,460
this functional level is the road C which provide a secure and economical way to provide a detailed

45
00:05:00,460 --> 00:05:09,540
sign in service in remote sites without storing confidential nations such as passwords in untrusted

46
00:05:09,540 --> 00:05:10,560
environments.

47
00:05:10,580 --> 00:05:19,410
Now the next functional level is Windows Server 2008 are two it includes such feature sets authentication

48
00:05:19,410 --> 00:05:27,570
mechanism assurance which packages information about a user sign and method and can be used in conjunction

49
00:05:27,900 --> 00:05:34,500
with application authentication for example with Active Directory of Federation services.

50
00:05:34,500 --> 00:05:42,030
In another example you can ground users who are signing and by using smart cards more resources than

51
00:05:42,030 --> 00:05:45,750
when they sign in with a user name and password.

52
00:05:45,750 --> 00:05:54,840
Another feature is automatic service principal name management or SBN management of managed service

53
00:05:54,840 --> 00:06:00,280
accounts and it allows you to manage account passwords.

54
00:06:00,340 --> 00:06:04,180
The next functional level is Windows Server 2012.

55
00:06:04,260 --> 00:06:11,870
The Windows Server 2012 domain functional level does not implement new features from the Windows Server

56
00:06:11,880 --> 00:06:15,390
two thousand eight are two functional level.

57
00:06:15,390 --> 00:06:24,360
However there is one exception to the key distribution center support for claims compound authentication

58
00:06:24,360 --> 00:06:25,600
and core Burrus.

59
00:06:25,720 --> 00:06:34,260
Our marine is configured to always provide claims or fail on our mode authentication requests.

60
00:06:34,320 --> 00:06:43,020
These functionalities will not be enabled until the demand is set to the Windows Server 2012 functional

61
00:06:43,020 --> 00:06:43,770
level.

62
00:06:43,770 --> 00:06:47,150
Next up is Windows Server 2012.

63
00:06:47,190 --> 00:06:55,050
Our two functional level which includes the following features domain controller side protections for

64
00:06:55,050 --> 00:07:04,140
protected users the protected Users Group was introduced in Windows Server 2012 FA to members of the

65
00:07:04,140 --> 00:07:12,660
protected user group can no longer authenticate with anti-Islamic authentication digest authentication

66
00:07:12,660 --> 00:07:16,190
or credential security support provider.

67
00:07:16,260 --> 00:07:25,620
Windows 8 dot 1 devices do not cache protected users passwords the predicted users group can no longer

68
00:07:25,890 --> 00:07:35,880
use data encryption standard or write West Side for 4 or RC 4 domains must be configured to support

69
00:07:35,880 --> 00:07:39,940
at least the a yes CI 4 sued.

70
00:07:40,020 --> 00:07:48,950
Protected groups can no longer be delegated with unconstrained or unconstrained delegation connections

71
00:07:48,960 --> 00:07:59,660
for protected users to other systems might fail and protected groups can no longer renew user ticket

72
00:07:59,660 --> 00:08:04,540
Grant a ticket beyond the initial for our lifetime.

73
00:08:04,650 --> 00:08:09,940
After four hours protected users must authenticate again.

74
00:08:09,960 --> 00:08:18,300
Another feature is authentication policies can be applied to accounts in Windows 2012 our two domains

75
00:08:18,480 --> 00:08:25,890
and the last feature of this motives authentication policies silos are used to create a relationship

76
00:08:26,160 --> 00:08:33,300
between user accounts manage service accounts and computer accounts for authentication policies.

77
00:08:33,300 --> 00:08:42,180
The next domain functional level is Windows Server 2016 which includes such features says Bam Bam is

78
00:08:42,180 --> 00:08:44,580
an expiring links feature.

79
00:08:44,670 --> 00:08:52,020
It allows time bound membership in a security group that is expressed to the time to leave while you're

80
00:08:52,200 --> 00:09:01,050
bound to the Burris ticket lifetime expiring links are available or no linked attributes and are not

81
00:09:01,050 --> 00:09:04,710
limited to the member member of relationship.

82
00:09:04,710 --> 00:09:13,350
Another feature of this mode is join in Asia Active Directory which enhances the identity experience

83
00:09:13,350 --> 00:09:20,360
for business customers by improving the capabilities of organizational and personal devices.

84
00:09:20,370 --> 00:09:28,530
The next feature is Microsoft Passport which is a new authentication feature that allows biometric or

85
00:09:28,530 --> 00:09:36,500
pin signings and the last feature is because Windows Server 2003 is no longer supported.

86
00:09:36,600 --> 00:09:43,950
It is recommended that you raise your domain and for its functional levels to a minimum of Windows Server

87
00:09:44,190 --> 00:09:49,760
2000 aid to ensure assist for the application consistency.

88
00:09:49,800 --> 00:09:56,790
Please know that generally you can not roll back to the 80 days domain functional level after it has

89
00:09:56,790 --> 00:09:58,200
been configured.

90
00:09:58,200 --> 00:10:05,400
If you implement a feature that is only available in a higher domain functional level you can not roll

91
00:10:05,400 --> 00:10:13,970
back to our little state you can only lower their domain functional level by using the set a d demand

92
00:10:13,980 --> 00:10:14,470
mode.

93
00:10:14,470 --> 00:10:16,640
Come on loud in the windows.

94
00:10:16,640 --> 00:10:18,980
Power shall command line interface.