Windows Server Insider Preview Build 25941 reveals new AD Forest and Domain functional Levels

Hi All,

I saw some news about a new Windows Server Insider Preview. It seems that this is a very early preview of Windows Server 2025.

I’ve seen screenshots of the new Active Directory forest and domain functional levels. Time to test it myself.

References:

I’ve downloaded the *.iso file, uploaded it to my ESXi server and created a new VM.

Here are the screenshots of the installation

After the installation I installed Active Directory Domain Services (ADDS)

As before, the Remote Server Administration Tools are also selected

After the installation you need to promote the server to a domain controller

As you can see, there are new forest and domain functional levels: “Windows Server 2025”.

Documentation only shows AD functional levels up to “Windows Server 2016”

Installation of the domain controller is finished and the server needs to be restarted

Now we log in with the same password as Domain Administrator

Let’s check the forest functional level again (domain.msc)

Hopefully we will soon know more about the new functionality in Active Directory and Windows Server 2025.

Schema Updates

I figured out that Windows Server 2022 has schema version 88, so these are the new schema updates 89 and 90. It seems that there are a few changes around Managed Service Accounts (MSA) and some new settings for the Active Directory database.

sch89.ldf

dn: CN=ms-DS-Superseded-Service-Account-State,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
lDAPDisplayName: msDS-SupersededServiceAccountState
adminDisplayName: ms-DS-Superseded-Service-Account-State
adminDescription: This attribute is used to track whether a service account has been superseded by a Delegated Managed Service Account.
attributeID: 1.2.840.113556.1.4.2371
attributeSyntax: 2.5.5.9
oMSyntax: 10
isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 0
schemaIDGUID:: ljBppMOkzU64y3PNY5i3og==
systemFlags: 16

dn: CN=ms-DS-Delegated-MSA-State,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
lDAPDisplayName: msDS-DelegatedMSAState
adminDisplayName: ms-DS-Delegated-MSA-State
adminDescription: This attribute is used to track whether a DelegatedManagedServiceAccount has been Linked to a Service Account.
attributeID: 1.2.840.113556.1.4.2372
attributeSyntax: 2.5.5.9
oMSyntax: 10
isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 0
schemaIDGUID:: ihNcLzi9FkCItA7IfLtJGQ==
systemFlags: 16

dn: CN=ms-DS-Superseded-Managed-Account-Link,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
lDAPDisplayName: msDS-SupersededManagedAccountLink
adminDisplayName: ms-DS-Superseded-Managed-Account-Link
adminDescription: This attribute is the forward link from a service account to a delegated managed service account object.
attributeId: 1.2.840.113556.1.4.2373
attributeSyntax: 2.5.5.1
oMObjectClass:: KwwCh3McAIVK
oMSyntax: 127
isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 0
schemaIDGUID:: AuBSN75DyEizyiyy//vIoQ==
systemFlags: 16
InstanceType: 4
linkID: 2222

dn: CN=ms-DS-Superseded-Managed-Account-LinkBL,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
lDAPDisplayName: msDS-SupersededManagedAccountLinkBL
adminDisplayName: ms-DS-Superseded-Managed-Account-LinkBL
adminDescription: This attribute is the back link from a service account to a delegated managed service account object.
attributeId: 1.2.840.113556.1.4.2374
attributeSyntax: 2.5.5.1
oMObjectClass:: KwwCh3McAIVK
oMSyntax: 127
isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 0
schemaIDGUID:: CnMF+v2eukukphyeVO9X1Q==
systemFlags: 16
InstanceType: 4
linkID: 2223

dn: CN=ms-DS-Managed-Account-Preceded-By-Link,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
lDAPDisplayName: msDS-ManagedAccountPrecededByLink
adminDisplayName: ms-DS-Managed-Account-Preceded-By-Link
adminDescription: This attribute is the forward link from a delegated managed service account to a service account object.
attributeId: 1.2.840.113556.1.4.2375
attributeSyntax: 2.5.5.1
oMObjectClass:: KwwCh3McAIVK
oMSyntax: 127
isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 0
schemaIDGUID:: K1uUoKJXvUOzJ00RKk6L0Q==
systemFlags: 16
InstanceType: 4
linkID: 2224

dn: CN=ms-DS-Managed-Account-Preceded-By-LinkBL,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
lDAPDisplayName: msDS-ManagedAccountPrecededByLinkBL
adminDisplayName: ms-DS-Managed-Account-Preceded-By-LinkBL
adminDescription: This attribute is the back link from a delegated managed service account to a service account object.
attributeId: 1.2.840.113556.1.4.2376
attributeSyntax: 2.5.5.1
oMObjectClass:: KwwCh3McAIVK
oMSyntax: 127
isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 0
schemaIDGUID:: 8Ep3lFVTLECcmhJHDIc+Sg==
systemFlags: 16
InstanceType: 4
linkID: 2225

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=Top,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: systemMayContain
systemMayContain: 1.2.840.113556.1.4.2374
systemMayContain: 1.2.840.113556.1.4.2376
-

dn: CN=User,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: systemMayContain
systemMayContain: 1.2.840.113556.1.4.2371
systemMayContain: 1.2.840.113556.1.4.2373
-

dn: CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
delete: systemPossSuperiors
systemPossSuperiors: 1.2.840.113556.1.3.30
-

dn: CN=ms-DS-Delegated-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: classSchema
lDAPDisplayName: msDS-DelegatedManagedServiceAccount
adminDisplayName: ms-DS-Delegated-Managed-Service-Account
adminDescription: The delegated managed service account class is used to create an account which can supersede a legacy service account and shared by different computers.
governsId: 1.2.840.113556.1.5.302
objectClassCategory: 1
rdnAttId: cn
subClassOf: 1.2.840.113556.1.3.30
systemMustContain: 1.2.840.113556.1.4.2372
systemMustContain: 1.2.840.113556.1.4.2199
systemMayContain: 1.2.840.113556.1.4.2375
systemMayContain: 1.2.840.113556.1.4.2200
systemMayContain: 1.2.840.113556.1.4.2198
systemMayContain: 1.2.840.113556.1.4.2197
systemMayContain: 1.2.840.113556.1.4.2196
systemPossSuperiors: 1.2.840.113556.1.3.23
systemPossSuperiors: 2.5.6.5
schemaIDGUID:: b5PrD7NH8kmThh3twsI3ZQ==
defaultSecurityDescriptor: D:(OD;;CR;00299570-246d-11d0-a768-00aa006e0529;;WD)(OD;;RP;e362ed86-b728-0842-b27d-2dea7a9df218;;WD)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(OA;;RPWP;77b5b886-944a-11d1-aebd-0000f80367c1;;PS)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AO)(A;;LCRPDTLOCRSDRC;;;CO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)
showInAdvancedViewOnly: TRUE
defaultHidingValue: FALSE
systemOnly: FALSE
defaultObjectCategory: CN=ms-DS-Delegated-Managed-Service-Account,CN=Schema,CN=Configuration,DC=X
systemFlags: 16

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=Schema,CN=Configuration,DC=X
changeType: ntdsSchemaModify
replace: objectVersion
objectVersion: 89
-

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

sch90.ldf

dn: CN=ms-DS-JetGetRecordSize3,CN=schema,CN=configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
attributeID: 1.2.840.113556.1.4.2377
attributeSyntax: 2.5.5.12
adminDisplayName: ms-DS-JetGetRecordSize3
adminDescription: This attribute dumps the result of JetGetRecordSize3 API.
oMSyntax: 64
lDAPDisplayName: msDS-JetGetRecordSize3
isSingleValued: TRUE
schemaIDGUID:: L4mhWZ5xo0eVpYYz3Ti6eA==
searchFlags: 0
showInAdvancedViewOnly: FALSE
systemFlags: 20
systemOnly: FALSE

dn: CN=ms-DS-JetDB-Page-Size,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
ldapDisplayName: msDS-JetDBPageSize
adminDisplayName: ms-DS-JetDB-Page-Size
adminDescription: Attribute used to indicate what page size the DSA supports.
attributeId: 1.2.840.113556.1.4.2378
attributeSyntax: 2.5.5.9
omSyntax: 2
isSingleValued: TRUE
systemOnly: TRUE
searchFlags: 0
schemaIdGuid:: YDqC2vBBiUyUKytwpsAD1A==
showInAdvancedViewOnly: TRUE
systemFlags: 16

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=Top,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: systemMayContain
systemMayContain: 1.2.840.113556.1.4.2377
-

dn: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: systemMayContain
systemMayContain: 1.2.840.113556.1.4.2378
-

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=Validated-MS-DS-JetDB-Page-Size,CN=Extended-Rights,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: controlAccessRight
rightsGuid: da823a60-41f0-4c89-942b-2b70a6c003d4
appliesTo: f0f8ffab-1191-11d0-a060-00aa006c33ed
displayName: Validated write to MS DS Jet Database Page Size
localizationDisplayId: 84
validAccesses: 8
showInAdvancedViewOnly: TRUE

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

#
# Optional Feature Object
#
dn: CN=Database 32k Pages Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: msDS-OptionalFeature
msDS-OptionalFeatureGUID:: xiqYUnMeT3WuJHOuJ3WquA==
msDS-RequiredForestBehaviorVersion: 10
msDS-OptionalFeatureFlags: 1
systemFlags: -1946157056

dn: CN=Schema,CN=Configuration,DC=X
changeType: ntdsSchemaModify
replace: objectVersion
objectVersion: 90
-

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
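
The review of the schema files done by eye above, as an added example that is not part of the original post or of Microsoft's tooling: a small parser that reads schema-extension LDIF such as sch89.ldf, resolves the OIDs in `systemMayContain` back to attribute names, and reports the resulting schema version. `SAMPLE_LDF` is a constructed excerpt of the records shown above, the function names are hypothetical, and folded (continuation) LDIF lines are assumed not to occur.

```python
# Constructed excerpt of the sch89.ldf records shown above (fields trimmed).
SAMPLE_LDF = """\
dn: CN=ms-DS-Superseded-Service-Account-State,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
lDAPDisplayName: msDS-SupersededServiceAccountState
attributeID: 1.2.840.113556.1.4.2371

dn: CN=ms-DS-Superseded-Managed-Account-Link,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
lDAPDisplayName: msDS-SupersededManagedAccountLink
attributeId: 1.2.840.113556.1.4.2373

dn: CN=User,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: systemMayContain
systemMayContain: 1.2.840.113556.1.4.2371
systemMayContain: 1.2.840.113556.1.4.2373
-

dn: CN=Schema,CN=Configuration,DC=X
changeType: ntdsSchemaModify
replace: objectVersion
objectVersion: 89
-
"""

def parse_records(text):
    """Yield one dict per LDIF record; keys are lower-cased (the files mix attributeID/attributeId)."""
    for block in text.replace("\r", "").strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):  # skips comments and the "-" terminators
                rec.setdefault(key.strip().lower(), []).append(value.lstrip(":").strip())
        yield rec

def summarize(text):
    """Return (schema_version, {class CN: [attributes added to systemMayContain]})."""
    records = list(parse_records(text))
    names = {r["attributeid"][0]: r["ldapdisplayname"][0] for r in records if "attributeid" in r}
    version, added = None, {}
    for r in records:
        if "objectversion" in r:
            version = int(r["objectversion"][0])
        elif r.get("add") == ["systemMayContain"]:
            cn = r["dn"][0].split(",")[0][3:]  # "CN=User,..." -> "User"
            added[cn] = [names.get(oid, oid) for oid in r["systemmaycontain"]]  # unknown OIDs stay as OIDs
    return version, added

print(summarize(SAMPLE_LDF))
```

Run against the full sch89.ldf and sch90.ldf text, the same summary shows which existing classes (Top, User, NTDS-DSA) gain attributes before the schema update is applied to a forest.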

Regards
Andres Bohren