Switching Domain Operational Modes

After you upgrade the PDC of a Windows NT 4 domain to Windows 2000, the Active Directory domain and the forest in which it was seeded operate in mixed mode. While a domain is in mixed mode, Windows NT 4 BDCs and Windows 2000 domain controllers can coexist on the network.

Most companies will find themselves remaining in mixed mode for some time to ensure compatibility with existing Windows NT 4 BDCs or other servers such as Samba that need access to a "real" NT 4 BDC. However, there are advantages to using the Windows 2000 Server native mode, as described in Table 7-4.

Microsoft recommends a speedy switch to Windows 2000 native mode; however, we recommend a more cautious approach. Running in mixed mode also gives nervous network administrators a chance to start using Active Directory in a limited manner without losing their Windows NT 4 safety net. Wait until it's completely clear there is no need for NT 4 BDCs before making the domain mode upgrade, because once you've upgraded the domain mode, there is no going back.

Windows NT 4 member servers work in a Windows 2000 native-mode domain, as do Windows NT 4-based and Windows 95/98-based clients (however, Windows 95/98 clients should install the directory services client from the Windows 2000 CD, and Windows NT 4 clients should install it from http://www.microsoft.com/ntserver/nts/downloads/other/adsi25/x86.asp). Native mode refers only to the domain controllers, not to all machines in the domain.

Table 7-4. The differences among Windows NT 4 domains, Windows 2000 mixed-mode domains, and Windows 2000 native-mode domains

| Feature | Windows NT 4 | Windows 2000 Mixed Mode | Windows 2000 Native Mode |
|---|---|---|---|
| Supported domain controllers | Windows NT 4, 3.51 BDCs | Windows 2000, Windows NT 4 BDCs | Windows 2000 |
| Objects per domain | Fewer than 40,000 (20,000 user accounts) recommended | Fewer than 40,000 (20,000 user accounts) recommended | Up to 1 million |
| Multimaster replication | No | Yes | Yes |
| Group types | Global, Local | Global, Local | Universal, Domain Global, Domain Local, Local |
| Nested groups | No | No | Yes |
| Cross-domain administration | Limited | Limited | Full |
| Password filters | Installed manually on each PDC and BDC | Installed manually on each domain controller | Installed automatically on all domain controllers |
| Queries using Desktop Change/Configuration Management | No | Only on Windows 2000 domain controllers | Yes |
| Authentication protocols | NTLM | NTLM, Kerberos | Kerberos |
| Group membership replication | Entire group membership list | Entire group membership list | Entire group membership list |

Real World

Existing Clients Still Work in Native Mode

It's important to understand that not all systems in the domain have to be running Windows 2000 or Windows XP to operate a native-mode domain. Native mode affects only the operation of the domain controllers. The issue of having legacy (Windows NT, Windows 95/98/Me, or DOS/Windows 3.x) systems in the domain is important, however, when it comes to planning WINS server deployment. As long as you have legacy clients and servers in the domain, you need WINS servers for NetBIOS name resolution (unless you have a small, nonrouted network that can handle NetBIOS name resolution using broadcast). In addition, you shouldn't turn off NetBIOS over TCP/IP, even if your network consists entirely of Windows 2000 and Windows XP systems, because legacy applications (which are many) still rely on NetBIOS calls for network communication.

Before eliminating or upgrading the last Windows NT 4 BDC or Windows 2000 domain controller and switching domain modes, we recommend taking it offline for a while, if possible. This allows you to test whether there are any remaining legacy applications or servers that need access to an older domain controller, before it's too late to go back.

When you've verified that no legacy domain controllers are needed (or will ever be needed) on the network, you can raise the domain functionality (upgrade the domain mode). To make the switch, log on to a domain controller using an administrator account and follow these steps:

  1. Launch Active Directory Domains and Trusts from the Administrative Tools folder on the Programs menu.
  2. Right-click the domain you want to convert to native mode and choose Properties from the shortcut menu.
  3. Click Change Mode in the Properties dialog box, shown in Figure 7-6. Notice that the Domain Operation Mode box displays Mixed Mode.

    Figure 7-6. The Change Mode button.

  4. When Windows 2000 asks you to verify the switch, click OK. Click OK in the next dialog box also.
  5. After the modified domain controller reports that it is running in native mode, reboot it as well as every other domain controller in the domain.

    Switching to native mode is an irreversible procedure. After switching to native mode, you cannot use Windows NT 4 domain controllers in the domain.

    You can only upgrade the functionality of a forest once all domains within the forest are functioning in the desired native mode. After a forest is upgraded, you can only add domains operating in the same mode or higher. To add a domain with a lower functionality level, you'd have to create a whole new forest.
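Because the switch cannot be undone, it helps to confirm from directory data that no legacy domain controller accounts remain before clicking Change Mode. The following is an added example, not part of the book: it parses a constructed LDIF export (the kind ldifde produces), reads the domain's nTMixedDomain attribute (1 means mixed mode), and lists domain controller accounts (userAccountControl bit 0x2000) whose operatingSystem is not Windows 2000. The domain name, host names, and the rule that a missing operatingSystem value counts as legacy are assumptions.

```python
"""Pre-flight check before the irreversible switch to native mode (added example)."""

SERVER_TRUST_ACCOUNT = 0x2000  # userAccountControl bit set on domain controller accounts

# Constructed sample of an LDIF export; domain and host names are hypothetical.
SAMPLE_LDIF = """\
dn: DC=example,DC=local
objectClass: domainDNS
nTMixedDomain: 1

dn: CN=DC01,OU=Domain Controllers,DC=example,DC=local
objectClass: computer
userAccountControl: 532480
operatingSystem: Windows 2000 Server

dn: CN=BDC02,OU=Domain Controllers,DC=example,DC=local
objectClass: computer
userAccountControl: 8192
operatingSystem: Windows NT
operatingSystemVersion: 4.0

dn: CN=WKS07,CN=Computers,DC=example,DC=local
objectClass: computer
userAccountControl: 4096
operatingSystem: Windows NT
"""

def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attribute -> last value."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                key, _, value = line.partition(":")
                entry[key.strip().lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def native_mode_readiness(ldif_text):
    """Report the current mode and any domain controller not running Windows 2000."""
    entries = parse_ldif(ldif_text)
    mixed = any(e.get("ntmixeddomain") == "1" for e in entries)
    legacy = [
        e["dn"] for e in entries
        if int(e.get("useraccountcontrol", "0")) & SERVER_TRUST_ACCOUNT
        # Assumption: a missing or non-"Windows 2000" operatingSystem means a legacy DC.
        and not e.get("operatingsystem", "").startswith("Windows 2000")
    ]
    return {"mixed_mode": mixed, "legacy_dcs": legacy, "safe_to_switch": mixed and not legacy}
```

The parser handles only plain single-line attribute values, which is enough for the attributes checked here.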



Microsoft Windows 2000 Server Administrator's Companion
ISBN: 0735617856
EAN: 2147483647
Year: 2003
Pages: 320
