You want to change the mode of a Windows 2000 Active Directory domain from mixed to native. You typically want to do this as soon as possible after installing a Windows 2000 domain to take advantage of features that aren't available with mixed-mode domains.
220.127.116.11 Using a graphical user interface
18.104.22.168 Using a command-line interface
To retrieve the current mode, use the following command:
> dsquery * <DomainDN> -scope base -attr ntMixedDomain
Or you can use the enumprop command found in the Windows 2000 Resource Kit.
> enumprop /ATTR:ntMixedDomain "LDAP://<DomainDN>"
To change the mode to native, create an LDIF file called change_domain_mode.ldf with the following contents:
dn: <DomainDN> changetype: modify replace: ntMixedDomain ntMixedDomain: 0 -
Then run the ldifde command to import the change.
> ldifde -i -f change_domain_mode.ldf
22.214.171.124 Using VBScript
' This code changes the mode of the specified domain to native ' ------ SCRIPT CONFIGURATION ------ strDomain = "<DomainDNSName>" ' e.g. amer.rallencorp.com ' ------ END CONFIGURATION --------- set objDomain = GetObject("LDAP://" & strDomain) if objDomain.Get("nTMixedDomain") > 0 Then Wscript.Echo "Changing mode to native . . . " objDomain.Put "nTMixedDomain", 0 objDomain.SetInfo else Wscript.Echo "Already a native mode domain" end if
The mode of a domain restricts the operating systems the domain controllers in the domain can run. In a mixed-mode domain, you can have Windows 2000 and Windows NT domain controllers. In a native-mode domain, you can have only Windows 2000 (and Windows Server 2003) domain controllers. There are several important feature differences between mixed and native mode. Mixed mode imposes the following limitations:
The domain mode can be changed only from mixed to native mode. You cannot change it back from native to mixed. When a Windows 2000 domain is first created, it starts off in mixed mode even if all the domain controllers are running Windows 2000. The domain mode is stored in the ntMixedDomain attribute on the domain object (e.g., dc=amer,dc=rallencorp,dc=com). A value of 0 signifies a native-mode domain and 1 indicates a mixed-mode domain.
Windows Server 2003 Active Directory has a similar concept called functional levels. For more information on Windows Server 2003 functional levels, see Recipe 2.13 and Recipe 2.14.
2.9.4 See Also
Recipe 2.13 for raising the functional level of a domain, Recipe 2.14 for raising the functional level of a forest, and MS KB 186153 (Modes Supported by Windows 2000 Domain Controllers)