Active Directory on Windows Server version(DFL, FFL) – new features


 List of changes with Domain and Forest functional levels


2008 Domain functional level:

  • Multiple password policies per domain
  • User-viewable last logon information
  • Increased Kerberos encryption
  • DFS replication for SYSVOL shares


2008 R2 Domain functional level:

  • Better and more automated service account management
  • Security logs and access lists based on authentication type


2008 R2 Forest functional level:

  •  AD „recycle bin“


2012 R2 Domain functional level:

  • Restricted admin mode – Mstsc /restrictedadmin (it is not store admin passwordon remote desktop to LSA)
  • LSA Protection
  • Protected user groups
  • Authentication Polices
  • Silos (management for authentication polices)
  • Kerberos Armoring


2012 R2 Forest functional level:

  • nothing