Active Directory on Windows Server version(DFL, FFL) – new features

ActiveDirectory

 List of changes with Domain and Forest functional levels

 

2008 Domain functional level:

  • Multiple password policies per domain
  • User-viewable last logon information
  • Increased Kerberos encryption
  • DFS replication for SYSVOL shares

 

2008 R2 Domain functional level:

  • Better and more automated service account management
  • Security logs and access lists based on authentication type

 

2008 R2 Forest functional level:

  •  AD „recycle bin“

 

2012 R2 Domain functional level:

  • Restricted admin mode – Mstsc /restrictedadmin (it is not store admin passwordon remote desktop to LSA)
  • LSA Protection
  • Protected user groups
  • Authentication Polices
  • Silos (management for authentication polices)
  • COMPOUND ID
  • Kerberos Armoring

 

2012 R2 Forest functional level:

  • nothing

relax