Verifying the Windows environment
Before you configure the Centrify agent to use FIPS-compliant encryption, you should verify that the Active Directory domain meets the minimum requirements for FIPS‑compliance. For a Centrify-managed computer to join a FIPS 140-2 Active Directory domain, the Active Directory domain must meet the following basic requirements:
- The domain must be at domain functional level Windows Server 2008, or later.
- The forest must have a global catalog computer that is running at domain functional level Windows Server 2008, or later.
- The domain must have at least one Windows Server 2008 R2, or later, domain controller.
- Any trusted domains you plan to access must be at domain functional level Windows Server 2008, or later.
Although a managed computer can successfully join a domain that has trust relationships to domains at a lower functional level, it cannot access users in those trusted domains, for example, to add user profiles or roles to a zone.