Operational Modes in Domains

After you upgrade the PDC to Windows 2000, the domain operates in mixed mode, meaning that both Windows 2000 and Windows NT controllers can be present. This is the default setting for Windows 2000 Servers. In mixed mode, trusts operate as they do between Windows NT 4 domains.

About Native Mode

To operate in native mode, a Windows 2000 domain must be running only Windows 2000 domain controllers and it must be explicitly switched to native mode operation. Since this is a one-way migration, it must be done manually. As soon as you upgrade to native mode, Windows NT 4 controllers can no longer function in the domain. Thus, you shouldn't switch to native mode unless you're sure that you've upgraded all Windows NT BDCs or taken them offline, and that you won't want to use Windows NT domain controllers in the future.

PLANNING

---

Windows NT 4 member servers work without issues in a Windows 2000 native-mode domain, as do Windows NT 4-based and Windows 95/98-based clients. Native mode refers only to the domain controllers, not to all machines in the domain.

Windows 2000 native-mode domains offer a number of advantages over Windows NT 4 domains, as well as over Windows 2000 mixed-mode domains. Table 7-4 summarizes these advantages. In addition to the advantages listed in the table, switching to native mode allows legacy clients to benefit from the transitive trusts between domains in Active Directory and, once authenticated, to access resources anywhere in the domain tree, provided they have the proper permissions.

Table 7-4. The differences among Windows NT 4 domains, Windows 2000 mixed-mode domains, and Windows 2000 native-mode domains

It's important to understand that not all systems in the domain have to be running Windows 2000 in order to operate a native-mode domain. Native mode affects only the operation of the domain controllers. The issue of having non-Windows 2000 systems in the domain is important, however, when it comes to planning WINS server deployment. As long as you have legacy (non-Windows 2000) clients and servers in the domain, you need WINS servers for NetBIOS name resolution (unless you have a small, nonrouted network that can handle NetBIOS name resolution via broadcast). In addition, you shouldn't turn off NetBIOS over TCP/IP for Windows 2000 machines until the network consists entirely of Windows 2000 machines because legacy systems will be unable to communicate with the Windows 2000 systems. (Legacy systems rely on NetBIOS calls for network communication.)

Switching to Native Mode

When all of the Windows NT 4 BDCs have been either upgraded to Windows 2000 or taken offline, you can switch the network to Windows 2000 native mode. To make the switch, log on to a domain controller using an administrator account and follow these steps:

1. Open Active Directory Domains And Trusts from the Administrative Tools folder.
2. Right-click the domain you want to convert to native mode, and choose Properties from the shortcut menu.
3. Click the Change Mode button in the Properties window, shown in Figure 7-5. Notice that the Domain Operation Mode box displays Mixed Mode.



Figure 7-5. The Change Mode button.

4. When Windows 2000 asks you to verify the switch, click OK. Click OK in the next dialog box also.
5. Reboot the domain controller you made changes to as well as every domain controller in the domain after the modified domain controller reports that it is running in native mode.

CAUTION

---

Switching to native mode is an irreversible procedure. After switching to native mode, you cannot use Windows NT 4 domain controllers in the domain.