A. Windows 2003 introduced a second incarnation of Active Directory (AD) that supports several forest modes, just as Windows 2000 supports several domain modes. To take advantage of some of these forest enhancements, your domains and domain controllers (DCs) must be running Windows 2003. The following forest modes are available:

  • Windows 2000--In this mode, which is the default mode, a forest can have Windows NT DCs as well as Win2K and later DCs.
  • Windows Server 2003 Interim--In this mode, a forest can support only Windows 2003 and NT DCs. This mode provides additional functionality over the Win2K mode, including linked value replication (LVR) support for more than 5000 users in a group; improved support for Inter-Site Topology Generator (ISTG), an automatically assigned DC responsible for creating the replication topology between locations; and support for additional Global Catalog (GC) attributes. You set this mode when you use Dcpromo to upgrade from NT 4.0 to Windows 2003.
  • Windows Server 2003--In this mode, a forest can have only Windows 2003 DCs. This mode provides additional functionality over the Windows Server 2003 Interim mode, including support for dynamically linked auxiliary classes for creating objects with an associated Time-To-Live (TTL) value and automatically removing those objects after the time has expired, the ability to convert User objects to inetOrgPerson (and vice versa), Schema deactivation and reactivation, domain renaming, establishing forest trusts, Basic- and Query-based groups, and 15-second intra-site replication frequency. You must manually switch modes to upgrade to Windows Server 2003 mode.

To change the Windows 2003's forest mode, you must be an Enterprise Administrator. Migrating Win2K groups with more than 5000 users can often cause problems. If you're upgrading from NT 4.0 and you can't migrate to Windows Server 2003 Interim mode during the upgrade (e.g., if you know you'll have Win2K DCs), you should divide groups that have more than 5000 users into multiple smaller groups (e.g., groupa-m and groupn-z) before you upgrade to Windows 2003. Also, before you upgrade the forest to Windows 2003, ensure that all domains are in at least Win2K Native mode and contain only Windows 2003 DCs. Then, when you upgrade the forest to Windows 2003 forest level, all domains will automatically upgrade to Windows 2003 domain level.