Active Directory Functional Levels Tools and Settings

In this section

  • Tools for Managing Active Directory Functional Levels
  • Network Ports Used to Raise Active Directory Functional Levels
  • Related Information

This section contains information about the tools that are associated with Active Directory functional levels.

Tools for Managing Active Directory Functional Levels

The following tools are associated with Active Directory functional levels.

Domain.msc: Active Directory Domains and Trusts

Category

An Active Directory Administrative Tools Microsoft Management Console (MMC) snap-in that is automatically installed on all domain controllers running Windows Server 2003.

Version compatibility

This tool is compatible with domain controllers running Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. This tool can also be run on computers running Windows XP Professional.

Active Directory Domains and Trusts provides a graphical user interface that can be used to manage Active Directory forests, domains, and trusts. Specific to functional levels, this tool can be used for the following:

  • To view the current domain functional level by viewing the properties of the domain object.
  • To view the current forest functional level by viewing the properties of the Active Directory Domains and Trusts node.
  • To raise a domain functional level.
  • To raise a forest functional level.

Dsa.msc: Active Directory Users and Computers

Category

An Active Directory Administrative Tools Microsoft Management Console (MMC) snap-in that is automatically installed on all domain controllers running Windows Server 2003.

Version compatibility

This tool is compatible with domain controllers running Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. This tool can also be run on computers running Windows XP Professional.

Active Directory Users and Computers provides a graphical user interface that can be used to manage users and computers in Active Directory domains. Specific to functional levels, this tool can be used for the following:

  • To view the current domain functional level by viewing the properties of the domain object.
  • To raise a domain functional level.

Additionally, LDAP Query can be used in this tool for the following:

  • To identify domain controllers running Windows NT 4.0.
  • To connect to a domain.

Adsiedit.exe: ADSI Edit

Category

This tool is included with Support Tools for Windows Server 2003.

Version compatibility

Can be run from computers running:

  • Windows Server 2003, Standard Edition
  • Windows Server 2003, Enterprise Edition
  • Windows Server 2003, Datacenter Edition
  • Windows Server 2003, Web Edition
  • Windows XP Professional

Can be run against domain controllers running:

  • Windows Server 2003, Standard Edition
  • Windows Server 2003, Enterprise Edition
  • Windows Server 2003, Datacenter Edition
  • Windows 2000 Server
ADSI Edit is a Microsoft Management Console (MMC) tool that uses Active Directory Service Interfaces (ADSI), which ultimately uses the LDAP protocol. This tool can be used to view and modify directory objects in the Active Directory database. Specific to functional levels, this tool can be used to edit the value of the msDS-Behavior-Version attribute of the Partitions container to raise the forest functional level to Windows Server 2003 interim, which cannot be done by using the Active Directory administrative tools MMCs.

The msDS-Behavior-Version attribute is set in the ADSI Edit console on the Partitions container object (class crossRefContainer) in the configuration directory partition (cn=partitions,cn=configuration,dc=ForestRootDomainName). Raising the forest functional level to Windows Server 2003 interim requires changing the default value of the attribute from 0 to a value of 1.

To find more information about ADSI Edit, see “Support Tools Help” in Tools and Settings Collection.

Ldp.exe: Ldp

Category

This tool is included with Support Tools for Windows Server 2003.

Version compatibility

Can be run from computers running:

  • Windows Server 2003, Standard Edition
  • Windows Server 2003, Enterprise Edition
  • Windows Server 2003, Datacenter Edition
  • Windows Server 2003, Web Edition
  • Windows XP Professional

Can be run against domain controllers running:

  • Windows Server 2003, Standard Edition
  • Windows Server 2003, Enterprise Edition
  • Windows Server 2003, Datacenter Edition
  • Windows 2000 Server

Ldp is a graphical user interface (GUI) tool that can be used to perform Lightweight Directory Access Protocol (LDAP) operations (such as connect, bind, search, modify, add, or delete) against any LDAP-compatible directory, such as Active Directory.

Specific to functional levels, Ldp can be used as an alternative to ADSI Edit to modify the value of the msDS-Behavior-Version attribute of the Partitions container object (class crossRefContainer) in the configuration directory partition (cn=partitions,cn=configuration,dc=ForestRootDomainName) and raise the forest functional level to Windows Server 2003 interim, which cannot be done by using the Active Directory administrative tools MMCs.

The msDS-Behavior-Version attribute is set in Ldp by using the Replace operation in the Modify dialog box to change the default value of the attribute from 0 to a value of 1, which raises the forest functional level to Windows Server 2003 interim.
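A read-only check of the values described for ADSI Edit and Ldp above, as an added example that is not part of the original documentation: it reads msDS-Behavior-Version from the Partitions container and from the domain object, and lists any domain controllers still running Windows NT 4.0, so the state can be recorded before and after a raise. It assumes a domain-joined computer with PowerShell; the level value 2 and the NT 4.0 search filter are not taken from this page.

```powershell
# Added example: read-only audit, nothing here writes to the directory.
# Level names for msDS-Behavior-Version; the value 2 is not mentioned on this page.
# For a domain, 0 covers both Windows 2000 mixed and Windows 2000 native.
$levelNames = @{ 0 = 'Windows 2000'; 1 = 'Windows Server 2003 interim'; 2 = 'Windows Server 2003' }

function Get-BehaviorVersion([string]$DistinguishedName) {
    $entry = [ADSI]"LDAP://$DistinguishedName"
    $value = $entry.Properties['msDS-Behavior-Version'].Value
    # Assumption: an unset attribute is reported as the default value, 0.
    if ($null -eq $value) { return 0 }
    return [int]$value
}

function Get-LevelName([int]$Level) {
    if ($levelNames.ContainsKey($Level)) { return $levelNames[$Level] }
    return "unrecognized value $Level"
}

# RootDSE supplies the naming contexts, so no domain name is hard-coded.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = [string]$rootDse.Properties['configurationNamingContext'].Value
$domainNC = [string]$rootDse.Properties['defaultNamingContext'].Value

# Forest level: the Partitions container in the configuration partition.
$forestLevel = Get-BehaviorVersion "CN=Partitions,$configNC"
# Domain level: the domain object itself.
$domainLevel = Get-BehaviorVersion $domainNC

# Domain controllers still running Windows NT 4.0: computer accounts with the
# SERVER_TRUST_ACCOUNT flag (8192) and an operating system version of 4.x.
$searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$domainNC")
$searcher.Filter = '(&(objectCategory=computer)(operatingSystemVersion=4*)' +
                   '(userAccountControl:1.2.840.113556.1.4.803:=8192))'
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.Add('name')
$nt4Controllers = @($searcher.FindAll() | ForEach-Object { $_.Properties['name'][0] })

"Forest functional level: $forestLevel ($(Get-LevelName $forestLevel))"
"Domain functional level: $domainLevel ($(Get-LevelName $domainLevel))"
if ($nt4Controllers.Count -gt 0) {
    "Windows NT 4.0 domain controllers: $($nt4Controllers -join ', ')"
} else {
    'Windows NT 4.0 domain controllers: none found'
}
```

Keeping the output with the change record gives a baseline to compare against once replication has completed.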

To find more information about Ldp, see “Support Tools Help” in Tools and Settings Collection.

Dcpromo.exe: Active Directory Installation Wizard

Category

An Active Directory wizard that is included with Windows Server 2003 and is available from the command line or from the Configure Your Server Wizard on any computer running Windows Server 2003.

Version compatibility

This tool is compatible with computers running Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

The Active Directory Installation Wizard provides a graphical user interface for setting up a domain controller by installing Active Directory and, optionally, DNS. Specific to functional levels, the wizard can be used on a Windows NT 4.0 PDC when upgrading it to Windows Server 2003 and forming a new forest, to raise the forest functional level to Windows Server 2003 interim, if appropriate.

Network Ports Used to Raise Active Directory Functional Levels

The following table shows the network ports that are used to raise functional levels.

Port Assignments for Raising Active Directory Functional Levels

Service Name    TCP
LDAP            389
LDAP SSL        636

Additionally, replication to all domain controllers requires the ports used for replication. For more information about the ports used for replication, see “Active Directory Replication Tools and Settings” in this collection.

The following resources contain additional information that is relevant to this section.