Windows 2000 Server and Windows Server 2003 Active Directory can be deployed in mixed mode, which allows for Windows NT 4.0 Server BDCs. In fact, when you upgrade to Windows 2000 Server, you first upgrade the primary domain controller (PDC), and it's automatically acting in mixed mode. Thus the upgraded server acts as the PDC for all the backup domain controllers, and it serves as the interoperability partner to the Windows NT 4.0 BDC by being backward-compatible. It knows what to transfer to the BDCs and what not to. The ability to retain legacy BDCs on a network migrating towards more modern releases ensures that you can maintain the necessary level of productivity. This is especially important when you are running older or outdated software that does not run on newer operating systems.
However, there are some limitations to mixed-mode operation that need to be taken into consideration. First, the size of the domain will be limited to that of Windows NT 4.0 Active Directory, namely 40,000 objects. Second, universal groups, nested groups, and the special Security groups cannot be used anywhere in the domain because they are not supported by Windows NT 4.0.
With the presence of Windows NT 4.0 BDCs, it is important to remember that some of the features of Windows 2000 Server or Windows Server 2003 Active Directory will not be available on the Windows NT 4.0 BDCs. These include Kerberos authentication, organizational units, and group policy.
If you have no Windows NT 4.0 BDCs and have no plans what-so-ever to deploy one, then you can safely migrate to native mode. However, once you move to native mode, you cannot return to mixed mode without complete domain destruction and re-building.
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.