RAISE FOREST FUNCTIONAL LEVEL AND DOMAIN LEVEL IN ACTIVE DIRECTORY
Possible to set the domain functional level to a value that is higher than the forest functional level, but cannot set the domain functional level to a value that is lower than the forest functional level.
| Functional level | New features | Supported Windows Server version for DC |
| Windows Server 2000 | Windows Server 2000 – 2008 R2 | |
| Windows Server 2003 | Forest trust | Windows Server 2003 – 2016 |
| Domain rename | ||
| Read Only Domain Controller (RODC) | ||
| Domain-based DFS with access-based enumeration support | ||
| Windows Server 2008 | DFS replication for SYSVOL instead FRS | Windows Server 2008 – 2022 |
| Fine-grained password policies | ||
| Windows Server 2008 R2 | Active Directory Recycle Bin | Windows Server 2008 R2 – 2022 |
| Managed Service Accounts | ||
| Windows Server 2012 | KDC support for claims, compound authentication | Windows Server 2012 – 2022 |
| Windows Server 2012 R2 | Protected Users | Windows Server 2012 R2 – 2022 |
| Authentication Policies | ||
| Windows Server 2016 | Privileged access management with MIM | Windows Server 2016 – 2022 |
| Smart card required for interactive logon |
Note: Windows Server 2016 is the maximum functional level for Active Directory.
Powershell cmd to check the current DFL and FFL
Get-ADDomain | fl Name, DomainMode
Get-ADForest | fl Name, ForestMode