6.1.4.3 msDS-Behavior-Version: Domain NC Functional Level

The msDS-Behavior-Version for domains is written on both the domain NC root object and the crossRef representing the domain. The attribute on the crossRef is read-only and is kept in sync with the attribute on the domain NC root object. Only the PDC FSMO role owner accepts originating updates to the attribute on the domain NC root.

Requirements: The functional level of a domain is never larger than any domain DC's functional level that hosts or is instructed to host (see section 6.1.2.3) the domain NC. When the functional level of a domain is DS_BEHAVIOR_WIN2003 or greater, the attribute nTMixedDomain on the domain NC root is 0 (see section 6.1.4.1).

The absence of the msDS-Behavior-Version attribute on a domain NC root object is equivalent to the msDS-Behavior-Version attribute on that object having the value zero.

The value msDS-Behavior-Version defines the lower limit on the version of the server operating system that can run on domain controllers within the domain. Ensuring this lower limit allows advanced features to be enabled throughout the domain.

The following values are defined.

Identifier

Domain controller operating systems that are allowed in the domain

Value

DS_BEHAVIOR_WIN2000

Windows 2000 Server operating system through Windows Server 2008 operating system

0

DS_BEHAVIOR_WIN2003_WITH_MIXED_DOMAINS

Windows Server 2003 operating system through Windows Server 2016 operating system

1

DS_BEHAVIOR_WIN2003

Windows Server 2003 through Windows Server 2016

2

DS_BEHAVIOR_WIN2008

Windows Server 2008 and later

3

DS_BEHAVIOR_WIN2008R2

Windows Server 2008 R2 operating system and later

4

DS_BEHAVIOR_WIN2012

Windows Server 2012 operating system and later

5

DS_BEHAVIOR_WIN2012R2

Windows Server 2012 R2 operating system and later

6

DS_BEHAVIOR_WIN2016

Windows Server 2016 and later

7