Reading Time: 3 minutes
Just as there are no Windows Server 2019 Forest Functional Level (FFL) or Windows Server 2019 Domain Functional Level (DFL), there are no Windows Server 2022 FFL or DFL either in Microsoft Windows Server’s Active Directory Domain Services (AD DS).
The unavailability of the Windows Server 2022 Forest Functional Level (FFL) and Windows Server 2022 Domain Functional Level (DFL) has the following impact:
- There are, apparently, no new features in Active Directory Domain Services in Windows Server 2019 or Windows Server 2022, that require a new Domain Functional Level.
- There are, apparently, no new features in Active Directory Domain Services in Windows Server 2019 or Windows Server 2022, that require a new Forest Functional Level.
- When upgrading or transitioning Active Directory from Windows Server 2016 to Windows Server 2019 or Windows Server 2022, the Domain Functional Level (DFL) and Forest Functional Level (FFL) do not have to be raised. This eliminates two steps of the process.
- When upgrading or transitioning Active Directory from Windows Server 2012 or Windows Server 2012 R2 to Windows Server 2019 or Windows Server 2022, the Domain Functional Level (DFL) and Forest Functional Level (FFL) only need to be raised to Windows Server 2016.
- There is no way to limit the ability for Active Directory admins (for domains in an Active Directory forest) to install Windows Server 2016-based Domain Controllers or Windows Server 2019-based Domain Controllers in an environment with Windows Server 2022-based Domain Controllers. However, since Windows Server 2012, there is a way to limit promotions of Domain Controllers altogether.
Not only are the Windows Server 2022 Forest Functional Level (FFL) and Windows Server 2022 Domain Functional Level (DFL) missing, Windows Server 2022 does not even require a schema update. Active Directory schema version 88 is the latest schema version, and it has been around since Windows Server 2019. When you promote a server to a Domain Controller, however, a Windows Server 2022 installation automatically performs any schema update you may need to become the first Windows Server 2022 Domain Controller.
In previous versions of Active Directory, each Windows Server version was accompanied by a corresponding Forest Functional Level (FFL) and Domain Functional Level (DFL).
When upgrading Domain Controllers to newer versions of Windows Server or transitioning to Domain Controllers running newer versions of Windows Server, the functional levels would unlock new functionality on either the Active Directory forest or Active Directory domain level.
RAISING FUNCTIONAL LEVELS
Only when all Domain Controllers for an Active Directory domain would run the newer version of Windows Server, could an Active Directory admin raise the Domain Functional Level (DFL) to the version corresponding with the version of Windows Server.
Only when all domains for an Active Directory forest would run the newer Domain Functional Level (DFL), could an Active Directory admin raise the Forest Functional Level (FFL) to the version corresponding with the version of the domains.
LOWERING FUNCTIONAL LEVELS
Starting with the Windows Server 2008 levels, you can revert to lower Domain Functional Levels and Forest Functional Levels.
Note:
The lowest levels to return to are the Windows Server 2008 Forest Functional Level (FFL) and the Windows Server 2008 Domain Functional Level (DFL).
Note:
Only when the Active Directory Forest Functional Level (FFL) is lowered to a lower version, can any Active Directory domains be lowered to a lower version of the Active Directory Domain Functional Level (DFL).
Note:
Only when the Active Directory Recycle Bin additional features is not implemented, can the Active Directory Forest Functional Level (FFL) be lowered from the Windows Server 2008 R2 to the Windows Server 2008 Forest Functional Level (FFL).
This paints the following picture:
FURTHER READING
KnowledgeBase: The Windows Server 2019 Active Directory DFL and FFL do not exist
Preventing Domain Controller promotions, cloning and demotions
New features in AD DS in Windows Server 2012, Part 3: New Upgrade Process
How to Revert Back or Lower the Active Directory Forest and Domain Functional Levels
Forest and Domain Functional Levels
FAQs
It is a foundation of countless IT infrastructures based on Windows Server operating systems. One of the concepts in AD is the Forest Functional Level (FFL) and Domain Functional Level (DFL). In short, functional levels determine available capabilities.
Should I raise the domain functional level or forest first? ›
As mentioned earlier, the domain functional level must always be chosen to be at the same or higher level than the forest functional level. By default, whenever a new domain is added to the forest, it takes the same level as that of the forest functional level.
What is the difference between forest functional level and domain functional level? ›
A domain within a forest can operate at a higher functional level than a forest, but no domain can operate at a functional level lower than a forest. For example, a forest configured for a Windows Server 2012 R2 functional level lets domains beneath it use a Windows Server 2012 R2 functional level.
Does Windows Server 2022 have Active Directory? ›
Yes, Windows Server 2022 Active Directory DNS server supports encryption DNS (DOH or DOT).
How do I check my DFL and FFL? ›
To find the Domain Functional Level, use the command "Get-ADDomain | fl Name,DomainMode”. To find the Forest Functional Level, use the command “Get-ADForest | fl Name,ForestMode”.
Is it safe to raise forest functional level? ›
The only impact of raising the domain and forest functional levels is that you will no longer be able to deploy domain controllers from older versions of Windows Server. Also, as long as you have an older version of Windows Server as a DC you won't be able to raise the level past that server.
Can domain functional level be higher than forest? ›
You can set the domain functional level to a value that is higher than the forest functional level, but you cannot set the domain functional level to a value that is lower than the forest functional level.
Why add a new domain to an existing forest? ›
Domains are administrative and security boundaries. The main reasons for creating a new domain would be so that you can have a different set of administrators, users, and resources that are not tied to the first domain.
How do you verify the domain functional level? ›
To Validate the Domain functional Level: In the MMC, click Active Directory Domains and Trusts, right-click Domain, then select Raise Domain Functional Level. A message appears stating the Domain functional level.
What is the difference between a domain tree and a forest in Active Directory? ›
Basically the tree is the domain, the forest can contain many trees (domains). A forest and domain get created the first time a domain is created in Active directory, you also have sites which are like the limbs of the tree. Within the scope of a forest, a domain is a container.
In a domain, the domain functional level setting determines the oldest Windows Server version that can be used as a domain controller in that domain. Similarly, the forest functional level determines the oldest Windows Server version that can be used on a domain controller within the forest.
How do I enable Active Directory in Windows 2022? ›
How do I install Active Directory on Windows Server 2022 using the Server Manager? To install Active Directory using the Server Manager, launch the Server Manager and click on “Add roles and features”. Then select the “Active Directory Domain Services” role and follow the wizard to complete the installation.
What is the Active Directory schema version for Windows Server 2022? ›
"objectVersion" attribute to Operating System
| Version | Operating System |
|---|
| 69 | Windows Server 2012 R2 |
| 87 | Windows Server 2016 |
| 88 | Windows Server 2019 |
| 88 | Windows Server 2022 |
6 more rowsFeb 19, 2024
Process of Installing Active Directory on Windows Server 2022
- Log in to Server Manager. ...
- Select “Add Roles and Features” ...
- Select Installation Type. ...
- Server Selection. ...
- Select Server Roles. ...
- Select and Add Features. ...
- Active Directory Domain Service. ...
- Confirm Installation Selections.
The degree of financial leverage (DFL) is a leverage ratio that measures the sensitivity of a company's earnings per share to fluctuations in its operating income, as a result of changes in its capital structure. This ratio indicates that the higher the degree of financial leverage, the more volatile earnings will be.
What are the 2 basic classes of Active Directory? ›
Active Directory structures consist of information about objects classified into two categories: resources (such as printers) and security principals (which include user or computer accounts and groups).
How does DFS work with Active Directory? ›
DFS organizes shared resources on a network in a treelike structure. DFS supports stand-alone DFS namespaces, those with one host server, and domain-based namespaces that have multiple host servers and high availability. The DFS topology data for domain-based namespaces is stored in Active Directory.
What is mixed mode and native mode in Active Directory? ›
Depending on your organization, when you convert to native mode can be a critical decision with major implications. It's a one-way conversion—there's no going back. Mixed Mode. In mixed mode, a Win2K domain assigns a domain controller to act as a PDC for NT BDCs.
