Domain Services for Windows (DSfW) is the only enterprise grade software in market that can substitute Active Directory for most authentication needs, or co-exist as an identity store in an AD environment with relative ease. While primary use cases for DSfW are well known, in this article we focus on the forest functional level upgrade to AD2012 level in OES 2018. Until now the functional level for DSfW domains was AD2003.
AD2012 schema and functional level
The functional level upgrade is basically updating some aspects of domain controllers that are part of your DSfW domain. It happens when all domain controllers install or upgrade to OES 2018 DSfW. The schema definition of various LDAP based object classes and attributes being the most prominent.
Additional definitions to this LDAP schema enable AD2012 specific applications to start working with DSfW (or makes them easier to integrate). msds-SupportedEncryptionTypes is one such widely used attribute. Overall, the number of definitions have increased from 2,876 in AD2003 level to 3,354 in AD2012 level. The upgrade also involves updating msds-BehaviorVersion attribute values to 5, so that Windows and other clients know the functional level of the server.
The screenshot in figure 1 of a mmc (launched in Windows10) connected to OES 2018 DSfW shows the Functional Upgrade.
This article was first published in Open Horizons magazine, Issue 39, 2017/4, p12-13.