The AD 2003 level in DSfW used ARCFOUR encryption for communication between Workstations and domain controllers. After the domain upgrade, the encryption also gets upgraded to AES. AES encryption is more secure when compared with ARCFOUR based encryption. The following communications are based on AES in the upgraded server:
Kerberos AS and TGS requests
SMB setup connection
LDAP SASL bind and other requests
Dcerpc bind and other requests
For information on how to create AES 256-Bit Tree key, see Creating an AES 256-Bit Tree Key in the NICI Administration Guide.