Verifying the Windows environment

Before you configure the Centrify agent to use FIPS-compliant encryption, you should verify that the Active Directory domain meets the minimum requirements for FIPS‑compliance. For a Centrify-managed computer to join a FIPS 140-2 Active Directory domain, the Active Directory domain must meet the following basic requirements:

  • The domain must be at domain functional level Windows Server 2008, or later.
  • The forest must have a global catalog computer that is running at domain functional level Windows Server 2008, or later.
  • The domain must have at least one Windows Server 2008 R2, or later, domain controller.
  • Any trusted domains you plan to access must be at domain functional level Windows Server 2008, or later.

Although a managed computer can successfully join a domain that has trust relationships to domains at a lower functional level, it cannot access users in those trusted domains, for example, to add user profiles or roles to a zone.