Windows Server 2008 R2 Schema Extensions

Windows Server 2008 R2 includes new features that require a schema upgrade.  You do not have to upgrade your schema if you want to run Windows Server 2008 R2 in your environment, but you do need to upgrade your schema if you want to leverage the new functionality included in 2008 R2.  What new features do you get when you upgrade your schema?

Here is a great article that talks about the features available at each domain and forest functional level.  Note that once you upgrade a domain functional level, you cannot roll back.  There is one exception, and the article discusses it, but just plan on each upgrade being a one-way trip…  OK?

Take note that there are actually multiple steps to the schema upgrade process.  The first step is to upgrade each domain in your forest to the new functional level.  Once your domain is upgraded to 2008 R2, you will now be able to leverage the following feature for the upgraded domain.

Authentication mechanism assurance, which packages information about the type of logon method (smart card or user name/password) that is used to authenticate domain users inside each user’s Kerberos token. When this feature is enabled in a network environment that has deployed a federated identity management infrastructure, such as Active Directory Federation Services (AD FS), the information in the token can then be extracted whenever a user attempts to access any claims-aware application that has been developed to determine authorization based on a user’s logon method.

OK, I’m not that impressed with this domain feature, but once you upgrade the forest to 2008 R2, you get the AD Recycle Bin!  To me, the AD Recycle Bin is worth its weight in gold!

Once all of your domains are upgraded to 2008 R2, we can upgrade the forest to 2008 R2.  Remember I said this is a multi-step process?  All of your domains have to be upgraded to Server 2008 R2 before you can upgrade the forest. 

Once we get our forest upgraded to 2008 R2, we are now able to take advantage of the new Active Directory Recycle Bin.  Here’s what it does for you:

Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while Active Directory Domain Services (AD DS) is running.  Here’s more detail on what the recycle bin gives you.

So how do you upgrade each domain and then the forest to 2008 R2?  This article will walk you through the upgrade process. 
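
The order described above (each domain first, then the forest, then the Recycle Bin), written out in PowerShell. This is an added example, not taken from the original post or the articles it links to; it assumes the ActiveDirectory module is installed and the account has the rights to raise functional levels. The Enable-ADOptionalFeature step is an addition the post does not spell out, and every change command carries -WhatIf so the script only previews what it would do.

```powershell
# Added example: report functional levels, then preview the raise sequence.
# Assumes the ActiveDirectory module (ships with 2008 R2 DCs and RSAT).
Import-Module ActiveDirectory

$forest   = Get-ADForest
$r2Domain = [Microsoft.ActiveDirectory.Management.ADDomainMode]::Windows2008R2Domain
$r2Forest = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest

# Step 1: every domain in the forest must be at 2008 R2 before the forest can be.
$report = @(foreach ($name in $forest.Domains) {
    $domain = Get-ADDomain -Server $name
    New-Object PSObject -Property @{
        Domain      = $domain.DNSRoot
        DomainMode  = $domain.DomainMode
        PDCEmulator = $domain.PDCEmulator
        AtR2        = ([int]$domain.DomainMode -ge [int]$r2Domain)
    }
})
$report | Format-Table Domain, DomainMode, AtR2 -AutoSize

$lagging = @($report | Where-Object { -not $_.AtR2 })
foreach ($d in $lagging) {
    # One-way change: -WhatIf only previews it. Remove -WhatIf to commit.
    Set-ADDomainMode -Identity $d.Domain -DomainMode $r2Domain -Server $d.PDCEmulator -WhatIf
}

# Step 2: the forest level, only once no domain is lagging.
if ($lagging.Count -gt 0) {
    Write-Warning "$($lagging.Count) domain(s) below 2008 R2; the forest cannot be raised yet."
}
elseif ([int]$forest.ForestMode -lt [int]$r2Forest) {
    Set-ADForestMode -Identity $forest.Name -ForestMode $r2Forest -WhatIf
}
else {
    # Step 3: at the 2008 R2 forest level the Recycle Bin can be turned on.
    $bin = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if ($bin.EnabledScopes.Count -gt 0) {
        "AD Recycle Bin is already enabled."
    }
    else {
        # Enabling the Recycle Bin is also one-way; -WhatIf previews it.
        Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
            -Scope ForestOrConfigurationSet -Target $forest.RootDomain -WhatIf
    }
}
```

Run it once to get the report, raise the lagging domains, then run it again: the forest step is only reached when the report shows every domain at 2008 R2.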

