As you know, Microsoft is preparing an upcoming version of its server OS, which will most probably be called Windows Server 2025. In this post we'll talk about the features that are known to be included. Take this with a grain of salt, because things can change: right now we downloaded the preview build, which does not even have an official name.
One of the major areas being enhanced is the Windows Server 2025 functional level, and in this post we'll focus on that as well.
New Functional level of AD – Windows Server 2025 Functional level
As you know, Microsoft Active Directory (AD) is a central component of most business IT infrastructures around the world. Every organization is using it because, over a couple of decades, Microsoft won the battle and made it a standard.
If you’re not aware, AD is a database where you are able to store objects to better organize and manage them. You can store objects, such as servers, workstations, user accounts, printers or shared resources, but also much more.
Microsoft AD is an essential component of Windows Server. As a result, when Microsoft was building Azure, they needed a cloud alternative in Azure. So they simply called it Azure AD, and later renamed it to Microsoft Entra ID.
Once you deploy your AD, you’ll see 3 key elements:
- The functional level of your forest AD
- The functional level of the domain AD
- And finally, the schema version from your AD.
As your AD evolves, these versions are expected to evolve with it.
Windows Server 2025 functional level
If you have had the opportunity to test the preview of the next version of Windows Server 2025, know that there is a new domain and forest functional level for Active Directory Domain Services (AD DS) in Windows Server 2025.
Microsoft is planning a new version of Active Directory, which also means there will be new AD DS functionalities that require this new forest and domain functional level.
This also means that there will be migrations to be planned for existing infrastructure.
New version of scheme Active Directory
And since one novelty rarely comes alone, there will logically be a new version of the Active Directory schema as well. As I write this article, Microsoft does not provide in-depth details, but we expect the official documentation to be updated later.
New version of the Active Directory schema, version 90
Let me remind you that the schema version is a number that increments, although not regularly, and that lets us check which schema version our AD is running.
- Windows Server 2025 – Schema version: 90
- Windows Server 2022 – Schema version: 88
- Windows Server 2019 – Schema version: 88
- Windows Server 2016 – Schema version: 87
- Windows Server 2012 R2 – Schema version: 69
- Windows Server 2012 – Schema version: 56
- Windows Server 2000 – Schema version: 13
To check the schema version, use the dsquery command line tool from a console. Run the following command (replace the domain components with your own):
dsquery * "cn=schema,cn=configuration,dc=contoso,dc=local" -scope base -attr objectVersion
This is how you verify the schema version of your current AD. In my example I checked my lab domain controller, which currently runs Windows Server 2022, and the results are as follows:
The fact is that AD DS has not been updated since Windows Server 2016, and the functional level did not increase in Server 2019/2022.
For the evolution of your existing infrastructure, bear in mind that, most likely, when you create a new AD forest under Server 2025 the minimum functional level must be set to Server 2016.
For upgrades, if you wish to promote a Server 2025 machine to a domain controller in an existing domain, that domain must have the 2016 functional level at minimum.
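The following PowerShell script is an added example (not part of the original post) that performs the same schema version check as the dsquery command above, reads the forest and domain functional levels, and flags a forest or domain that is still below the 2016 level required before a Server 2025 domain controller can be promoted. It assumes the ActiveDirectory RSAT module and a reachable domain controller; the schema table extends the post's list with the intermediate 2003/2008 releases.

```powershell
# Added example: AD schema version and functional level readiness check.
# Assumes the ActiveDirectory module (RSAT) and a reachable domain controller.
Import-Module ActiveDirectory

# Known schema objectVersion values (post's table plus the 2003/2008 releases).
$knownSchemas = @{
    13 = 'Windows Server 2000'
    30 = 'Windows Server 2003'
    31 = 'Windows Server 2003 R2'
    44 = 'Windows Server 2008'
    47 = 'Windows Server 2008 R2'
    56 = 'Windows Server 2012'
    69 = 'Windows Server 2012 R2'
    87 = 'Windows Server 2016'
    88 = 'Windows Server 2019 / 2022'
    90 = 'Windows Server 2025 (preview)'
}

# Same object the dsquery command reads, but resolved from RootDSE so the
# DN does not have to be typed by hand.
$rootDse   = Get-ADRootDSE
$schemaNc  = $rootDse.schemaNamingContext
$schemaObj = Get-ADObject -Identity $schemaNc -Properties objectVersion
$version   = [int]$schemaObj.objectVersion

$release = if ($knownSchemas.ContainsKey($version)) {
    $knownSchemas[$version]
} else {
    'unknown (newer than this table?)'
}

$forest = Get-ADForest
$domain = Get-ADDomain

# ForestMode/DomainMode are enums whose integer value matches msDS-Behavior-Version;
# 7 corresponds to the Windows Server 2016 level.
$level2016 = 7
$forestReady = ([int]$forest.ForestMode) -ge $level2016
$domainReady = ([int]$domain.DomainMode) -ge $level2016

[pscustomobject]@{
    SchemaNamingContext   = $schemaNc
    SchemaObjectVersion   = $version
    SchemaRelease         = $release
    ForestMode            = $forest.ForestMode
    DomainMode            = $domain.DomainMode
    ReadyFor2025DC        = ($forestReady -and $domainReady)
}
```

If ReadyFor2025DC is false, raise the forest and domain functional levels to 2016 (after retiring any older domain controllers) before planning the Server 2025 promotion.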
New Security Enhancements in Windows Server 2025
The 2025 version of AD has some security enhancements as well. There are changes around the RC4 algorithm as the preferred encryption method, and LDAP communication now supports TLS 1.3 for LDAP over TLS. The LDAP policy is enforced.
Some older SAM-RPC calls will be blocked, and Microsoft now uses the AES encryption method for changing passwords. For members of the Protected Users group, and for local accounts on domain computers, the SAM-RPC interface will be blocked by default (this can be changed through a GPO, though).
There will be more security enhancements in other areas of Server 2025 beyond AD, but at this moment, within this preview release, the only security enhancements we know of are those just listed.
Scaling and performance improvements
Microsoft has been using the ESE database engine (also known as Jet Blue) for AD for years. The upcoming 2025 server release will benefit from some performance improvements in this engine.
New domain controllers are installed with a 32K page size (instead of the previous 8K) and use 64-bit long value IDs. Compatibility with previous releases is maintained, as the 32K page mode is optional.
Quote from Microsoft:
A new domain controller is installed with a 32k page database and uses 64-bit Long Value IDs (LIDs) and runs in an “8k page mode” for compatibility with previous versions. An upgraded Domain Controller continues to use its current database format and 8k pages. Moving to 32k database pages is done on a forest-wide basis and requires that all Domain Controllers in the forest have a 32k page capable database.
To enable the 32k database pages, the forest functional level must be raised to the new level described in New Forest and Domain Functional Levels, and the Database 32k Pages Feature optional feature must be enabled. The 32k database page size is also an optional feature for AD LDS.
Windows Server 2025 AD will also support NUMA. On NUMA-capable hardware it can use CPUs in all processor groups, whereas previously AD would only use CPUs in group 0. Active Directory can therefore expand beyond 64 cores.
NOTE: NUMA support for Active Directory is also available on Windows Server 2022, beginning with the 2022-08 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB 5016693).
You can get a copy of the vNext Windows Server if you join the Windows Insider Program.
The upcoming Windows Server 2025 from Microsoft promises to be a game-changer in the world of enterprise IT. With its focus on enhancing security, improving performance, and introducing innovative features, it is set to meet the evolving needs of modern businesses. As we bid farewell to the 2022 release and look ahead to the next generation of Windows Server, it's clear that Microsoft is committed to staying at the forefront of server operating systems. Of course, we'll have to wait until this version goes RTM and GA.
The increased emphasis on security is particularly noteworthy, as cyber threats continue to evolve and pose significant risks to organizations of all sizes. Windows Server 2025’s advanced security measures and updated capabilities will help IT professionals better protect their networks and data, giving them more peace of mind.
While we eagerly anticipate the release of Windows Server 2025 and the opportunities it brings, it’s essential for organizations to start planning their migration strategies to harness the full potential of this powerful operating system. With the right planning and implementation, Windows Server 2025 can be the cornerstone of a resilient, efficient, and secure IT infrastructure that helps businesses thrive in the years to come. Microsoft’s commitment to ongoing support and updates ensures that Windows Server will continue to be a trusted partner for enterprises as they navigate the ever-evolving technology landscape.