Forum Discussion

KonLianos
Copper Contributor
Feb 06, 2024

Windows Server 2025 Preview Build 26040 and new features that are in

New Functional level of AD – Windows Server 2025 Functional level

As you know, Microsoft Active Directory (AD) is a central component of most businesses' IT infrastructure worldwide. Every organization uses it because Microsoft won the battle over a couple of decades and made it a standard.

If you're unaware, AD is a database where you can store objects to organize and manage them better. You can store objects, such as servers, workstations, user accounts, printers, or shared resources, and there is more.

Microsoft AD is an essential component of Windows Server. As a result, when Microsoft was building Azure, they needed a cloud alternative in Azure. So, they called it Azure AD and then renamed it to Microsoft Entra ID.

Once you deploy your AD, you'll see three key elements:

  • The functional level of your AD forest
  • The functional level of your AD domain
  • The schema version of your AD

As your AD evolves, these versions are also expected to grow with it.

Windows Server 2025 functional level

If you have had the opportunity to test the preview of the next version of Windows Server, Windows Server 2025, know that there is a new domain and forest functional level for Active Directory Domain Services (AD DS): Windows Server 2025.

Microsoft is planning a new version of Active Directory, which means there will be new AD DS functionalities that require this new forest and domain functional level.

This also means a migration of existing infrastructure.

New version of the Active Directory schema

As one novelty never comes alone, there will logically be a new version of the Active Directory schema. As I write this article, Microsoft does not provide in-depth details, but the official documentation is expected to be updated later.

The new version of the Active Directory schema, version 90

Let me remind you that the schema version is a number that increments with each release (though not regularly), which lets us check the version of our AD schema:

  • Windows Server 2025 – Schema version: 90
  • Windows Server 2022 – Schema version: 88
  • Windows Server 2019 – Schema version: 88
  • Windows Server 2016 – Schema version: 87
  • Windows Server 2012 R2 – Schema version: 69
  • Windows Server 2012 – Schema version: 56
  • Windows Server 2000 – Schema version: 13

       

Use the dsquery command line via the console. Run the following command:

  dsquery * "cn=schema,cn=configuration,dc=contoso,dc=local" -scope base -attr objectVersion

This is how you verify the version of your current AD schema. In my example, I checked my lab domain controller, which currently runs Windows Server 2022, and the results are as follows:

AD DS has not been updated since Windows Server 2016, and the functional level did not increase in Server 2019/2022.

For the evolution of your existing infrastructure, remember that, most likely, when you create a new AD forest under Server 2025, the minimum functional level must be set to Server 2016.

For upgrades, if you wish to promote a Server 2025 machine to a domain controller in an existing domain, that domain must be at the 2016 functional level at minimum.
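As an added example (not from the original post), the following PowerShell script reads the schema objectVersion and the forest/domain functional levels from RootDSE, maps them to Windows Server releases, and checks the 2016 minimum described above before a Server 2025 domain controller is promoted. It goes beyond the post's table by including the intermediate schema versions (2003 through 2008 R2) and the numeric functional-level values, which are taken from Microsoft's published numbers rather than from the post, and it assumes it runs on a domain-joined machine that can reach a domain controller via ADSI.

```powershell
# Added example, not from the original post. Reads the AD schema version and the
# forest/domain functional levels via ADSI from a domain-joined machine (no
# ActiveDirectory module needed) and maps them to Windows Server releases.

# Schema objectVersion per release. The 2003..2008 R2 entries are added from
# Microsoft's published numbers; the remaining entries match the post's table.
$schemaVersions = @{
    13 = 'Windows 2000';              30 = 'Windows Server 2003'
    31 = 'Windows Server 2003 R2';    44 = 'Windows Server 2008'
    47 = 'Windows Server 2008 R2';    56 = 'Windows Server 2012'
    69 = 'Windows Server 2012 R2';    87 = 'Windows Server 2016'
    88 = 'Windows Server 2019 / 2022'; 90 = 'Windows Server 2025'
}
# Functional-level values as exposed by rootDSE (forestFunctionality /
# domainFunctionality); assumed from Microsoft's ADForestMode/ADDomainMode enums.
$functionalLevels = @{
    0 = 'Windows 2000';           2 = 'Windows Server 2003'
    3 = 'Windows Server 2008';    4 = 'Windows Server 2008 R2'
    5 = 'Windows Server 2012';    6 = 'Windows Server 2012 R2'
    7 = 'Windows Server 2016';   10 = 'Windows Server 2025'
}

function Get-ReleaseName([hashtable]$Map, [int]$Value) {
    if ($Map.ContainsKey($Value)) { $Map[$Value] } else { "unknown (value $Value)" }
}

# RootDSE tells us where the schema container lives, so no hard-coded
# dc=contoso,dc=local is needed (the dsquery command above uses a fixed DN).
$rootDse       = [ADSI]'LDAP://RootDSE'
$schemaNc      = $rootDse.Get('schemaNamingContext')
$schema        = [ADSI]"LDAP://$schemaNc"
$schemaVersion = [int]$schema.Get('objectVersion')
$forestLevel   = [int]$rootDse.Get('forestFunctionality')
$domainLevel   = [int]$rootDse.Get('domainFunctionality')

[pscustomobject]@{
    SchemaContainer       = $schemaNc
    SchemaVersion         = $schemaVersion
    SchemaRelease         = Get-ReleaseName $schemaVersions $schemaVersion
    ForestFunctionalLevel = Get-ReleaseName $functionalLevels $forestLevel
    DomainFunctionalLevel = Get-ReleaseName $functionalLevels $domainLevel
    # Per the post, a Server 2025 DC can only be promoted into a domain that is
    # at the Windows Server 2016 functional level (value 7) or higher.
    ReadyForServer2025DC  = ($domainLevel -ge 7)
} | Format-List
```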

New Security Enhancements in Windows Server 2025

The 2025 version of AD has some security enhancements as well. The RC4 algorithm is the preferred method, and LDAP communication now supports TLS 1.3 for LDAP over TLS. The LDAP policy is enforced.

Some older SAM RPC methods will be blocked, and Microsoft now uses AES encryption for changing passwords. For members of the Protected Users group, and for local accounts on domain-joined computers, the SAM RPC interface will be blocked by default (this can be changed using a GPO, though).

There will be more security enhancements in other areas of Server 2025 beyond AD, but at this moment, the only security enhancements known are those just shared for this release.

Scaling and performance improvements

Microsoft has been using the ESE database engine (Jet Blue) for AD for years. The upcoming Server 2025 release will benefit from some performance improvements of the Jet Blue engine.

New domain controllers are installed with a 32k page size (instead of 8k previously) and use 64-bit long value IDs. Compatibility with the previous release is maintained, as the 32k page size is optional.

Quote from Microsoft:

A new domain controller is installed with a 32k page database, uses 64-bit Long Value IDs (LIDs), and runs in an "8k page mode" for compatibility with previous versions. An upgraded Domain Controller continues to use its current database format and 8k pages. Moving to 32k database pages is done forest-wide and requires all Domain Controllers in the forest to have a 32k-page capable database.

To enable the 32k database pages, the forest functional level must be raised to the new level described in New Forest and Domain Functional Levels, and the Database 32k Pages Feature optional feature must be enabled. The 32k database page size is also an optional feature for AD LDS.

NUMA support

Windows Server 2025 AD will also support NUMA. On NUMA-capable hardware, AD can now utilize CPUs in all processor groups; previously, AD would only use CPUs in group 0. Active Directory can therefore expand beyond 64 cores.

NOTE: NUMA support for Active Directory is also available on Windows Server 2022 beginning with the 2022-08 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB 5016693).

If you join the Windows Insider Program, you can get a copy of the vNext Windows Server.

Final Words

Microsoft's upcoming Windows Server 2025 promises to be a game-changer in enterprise IT. With its focus on enhancing security, improving performance, and introducing innovative features, it is set to meet the evolving needs of modern businesses. As we bid farewell to the 2022 release and look ahead to the next generation of Windows Server, it's clear that Microsoft is committed to staying at the forefront of server operating systems. Of course, we'll have to wait until this version goes RTM and GA.

The increased emphasis on security is particularly noteworthy as cyber threats evolve and pose significant risks to organizations of all sizes. Windows Server 2025's advanced security measures and updated capabilities will help IT professionals better protect their networks and data, giving them more peace of mind.

While we eagerly anticipate the release of Windows Server 2025 and the opportunities it brings, organizations need to start planning their migration strategies to harness the full potential of this powerful operating system. With the proper planning and implementation, Windows Server 2025 can be the cornerstone of a resilient, efficient, and secure IT infrastructure that helps businesses thrive in the years to come. Microsoft's commitment to ongoing support and updates ensures that Windows Server will remain a trusted partner for enterprises as they navigate the ever-evolving technology landscape.

Resources