The domain functional level must be Windows 2003 or higher.


Overview

Finding ID: V-8551
Version: AD.0160
Rule ID: SV-9048r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
Non-vendor supported versions of AD are not permitted for use in DoD. Domain controllers using Windows NT and Windows 2000 are no longer supported or updated by the vendor. If Windows NT or Windows 2000 domain controllers are used in AD domains, the level of security in the domain and forest is significantly reduced because many advanced features of the directory are not available.

Further Policy Details: Raising the domain functional level to Windows Server 2003 or higher is a non-reversible task. This action prevents the addition of Windows NT- or Windows 2000–based domain controllers to the domain. Any existing Windows NT- or Windows 2000–based domain controllers in the environment will no longer function.
STIG: Active Directory Domain Security Technical Implementation Guide (STIG)
Date: 2013-03-12

Details

Check Text (C-7710r1_chk)
1. Select the left pane item that matches the name of the domain being reviewed.

2. Right-click the domain name and select the Properties item.

3. On the General tab, note the value of “Domain functional level”.

4. If the current domain functional level is Windows Server 2000, Windows 2003 Interim, or Windows NT, then this is a finding.
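
A scripted equivalent of the check above, as an added example that is not part of the STIG: it reads the msDS-Behavior-Version and nTMixedDomain attributes from the domain head using the ActiveDirectory PowerShell module (RSAT). The function names are hypothetical, and treating Windows 2000 mixed mode as the "Windows NT" case of step 4 is an assumption.

```powershell
# Added example, not part of the STIG. Requires the ActiveDirectory module (RSAT)
# and read access to the domain being reviewed.
Import-Module ActiveDirectory

# Hypothetical helper: maps the raw attribute values to a level name and a finding flag.
function Get-FunctionalLevelFinding {
    param(
        [int] $BehaviorVersion,  # msDS-Behavior-Version on the domain head
        [int] $NtMixedDomain     # nTMixedDomain: 1 = mixed mode, 0 = native
    )
    $level = switch ($BehaviorVersion) {
        # Assumption: mixed mode is the "Windows NT" case named in step 4.
        0       { if ($NtMixedDomain -eq 1) { 'Windows 2000 mixed (Windows NT DCs allowed)' }
                  else { 'Windows 2000 native' } }
        1       { 'Windows Server 2003 interim' }
        2       { 'Windows Server 2003' }
        default { "Higher than Windows Server 2003 (msDS-Behavior-Version $BehaviorVersion)" }
    }
    [pscustomobject]@{
        Level   = $level
        Finding = ($BehaviorVersion -lt 2)   # V-8551: level below Windows Server 2003
    }
}

# Hypothetical wrapper: queries the domain and reports whether V-8551 is a finding.
function Test-DomainFunctionalLevel {
    param([string] $Domain = $env:USERDNSDOMAIN)
    $dom  = Get-ADDomain -Identity $Domain
    $head = Get-ADObject -Identity $dom.DistinguishedName -Server $dom.DNSRoot -Properties 'msDS-Behavior-Version', 'nTMixedDomain'
    # An attribute that is not set casts to 0, which is the Windows 2000 level.
    $bv    = [int]$head.'msDS-Behavior-Version'
    $mixed = [int]$head.nTMixedDomain
    $result = Get-FunctionalLevelFinding -BehaviorVersion $bv -NtMixedDomain $mixed
    $result | Add-Member -NotePropertyName Domain     -NotePropertyValue $dom.DNSRoot
    $result | Add-Member -NotePropertyName DomainMode -NotePropertyValue $dom.DomainMode
    $result
}

Test-DomainFunctionalLevel | Format-List Domain, DomainMode, Level, Finding
```

Finding is True when the level is below Windows Server 2003; DomainMode is the value Get-ADDomain itself reports, shown for cross-checking against the General tab.
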
Fix Text (F-8071r1_fix)
Raise the domain functional level to Windows Server 2003 or higher.