Here is what you lose:
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
- Pre-Windows 2000 replication of account information (both computer and user) is removed. Thus, if you have NT 4.0 BDCs in your environment, their SAM database will quickly be out of synch and will have no way to synch up. Thus, the BDC will need to be upgraded or rebuilt as a Windows 2000 Server.
- You can't add pre-Windows 2000 domain controllers to the domain any more. Any new DC will need to be installed from the get-go as a Windows 2000 server.
- NT 4.0 DLL support for applications running locally on the DC.
Some of what you will gain:
- Prior to the move to Windows 2000 native mode, the upgraded PDC was responsible for all changes (even if other Windows 2000 DCs exist). Once you move to native mode the DCs are essentially all peers, and thus the AD database on all DCs can be modified. This is referred to as multimaster replication.
- Prior to moving to native mode the Universal groups and domain local groups are not available.
- You will be able to nest Global and Domain Local Groups, something you cannot do in Windows NT 4.0.
There are some reasons to consider staying in mixed mode (at least until you can work out a solution):
- You might have some applications that require to run on a NT 4.0 BDC. Usually this is to avoid pass-through authentication. Since the SAM is local to the BDC the application does authentication of verification of users locally. In such a case you will have to work with the vendor to get an update of the software that works properly with a Windows 2000 Server. Systems runnnig on non-domain controllers will not have a problem. You can still have NT 4.0 member servers in an Active Directory AND run in native mode without issue.
- If you cannot provide physical security for your BDCs you may want to consider staying in mixed mode. In mixed mode, the only system that can perform updates is the PDC-emulator (in NT 4.0 only the PDC can perform updates). Even if you log on to a BDC, the BDC communicates and performs the updates on the remote PDC. If you are in native mode, ANY DC will be updated locally and then replicate the changes throughout the AD infrastructure. Thus, prevent DCs from being compromised locally is a big deal.
- Once you have gone to native mode, you cannot go back to mixed mode AND you cannot roll back to an NT 4.0 domain. Prior to upgrading you PDC, you should create a BDC (or take one you don?t need) and synchronize it with the PDC. Then power it off. If you have to quickly revert back to your pre-Windows 2000 domain, you just turn off the Win2k PDC and power on the NT 4.0 BDC. Then, promote the BDC to be the PDC. WHAM! You are back in NT 4.0. Once you have upgraded to native modeth, is will not work without performing a lot of extra work and rebuilding Windows 2000 DCs as NT 4.0 DCs. In fact, you should be VERY cautious about the amount of time you spend in mixed mode. As more and more changes occur to the domain (even in mixed mode), reverting back using that spare NT 4.0 BDC can be more and more painful.
Dig Deeper on Microsoft Active Directory
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.