Forum Discussion
AndrewPrior
Sep 18, 2023Brass Contributor
Windows server 2025 Forest and Domain functional levels.
As many will no doubt have noticed, there is a 2025 forest and domain functional level introduced in build 25941.
The schema updates suggest these are delegated managed service accounts (dMSA) and 32k pagesize for the active directory database.
Is there any documentation on these?
- LindakupMicrosoftWe have an upcoming session to discuss all of these at the Microsoft Technical TakeOff - see https://techcommunity.microsoft.com/t5/windows-events/what-s-new-in-active-directory/ev-p/3971596
There is also a bit of pre-release documentation https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/whats-new-active-directory-domain-services-insider-preview Would be interested how gMSA and dMSA differ in featureset and handling.
Microsoft should really work with Backup solution ISV as they often do not support managed service accounts still, and insist on username and password.
This is really sad as backup service accounts are often highly privileged and not following RBAC at all.
Some big names are:- CommVault
- Veeam (solved see below)
- WorkingHardInITCopper Contributor
- Thank you very much that's very helpful. I will pass this on to the Veeam team. They had a task to elaborate it.
So now just CommVault is missing. From the UX I know it is still required to using usual service accounts.
- Joachim_OtahalIron ContributorAs one of "many": Thanks for telling! Maybe, just maybe, Level 2025 could be needed for the soon-to-come Exchange 202x?
- AndrewPriorBrass Contributor
you can enable the 32k page size with the command
enable-adoptionalfeature 'database 32k pages feature -scope forestorconfigurationset -target contosa.com
there are also 4 new cmdlets as well
complete-adserviceaccountmigration
reset-adserviceaccountmigration
start-adserviceaccountmigration
undo-adserviceaccountmigration