The features available in a Windows Server 2008 domain depend on the functional level. Therefore, you can add additional features to a domain by raising the functional level. Windows Server 2008 supports three different domain functional levels. The three domain functional levels are:

  • Windows 2000
  • Windows Server 2003
  • Windows Server 2008

Windows 2000

When you configure a new Windows Server 2003 domain, the default domain functional level is Windows 2000. This functional level supports Windows 2000, 2003 and 2008 domain controllers. Other available features include universal groups, group nesting, group conversions and security identifier history.

Windows Server 2003

The second domain functional level is Windows Server 2003. Upgrading to this domain functional level provides support for Windows Server 2003 and 2008 domain controllers. You get all the features under the Windows 2000 functional level and additional ones that include:

  • Netdom.exe management tool
  • Logon time stamp dates
  • Ability to redirect Users and Computers container
  • Ability for Authorization Manager to store its authorization policies in AD DS
  • Constrained delegation
  • Selective delegation

Windows Server 2008

The third domain functional level is Windows Server 2008. This domain functional level only provides support for Windows Server 2008 domain controllers. If you want to take advantage of all the features included with Windows Server 2008, you must implement this functional level. Along with the features introduced at the previous levels, you can also take advantage of the following:

  • Distributed File System
  • Advanced Encryption Standard support for the Kerberos protocol
  • Last Interactive Logon Information
  • Fine-grained password policies