Re: 2nd DC not authenticating users?

From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 01/16/05


Date: Sun, 16 Jan 2005 06:26:09 -0500

Michael,

Only if that WINNT 4.0 Server is a Backup Domain Controller are we
interested in remaining Mixed Mode. Well, essentially.

Open up the Active Directory Users and Computers MMC and right click
'yourdomain.com' and select Properties. You will see on the General tab
either Mixed Mode or Native Mode in the Domain Operation Mode. If it is in
Mixed Mode you would see a button to change it to Native Mode. If it is in
Native Mode already then there will be no button as the switch from Mixed
Mode to Native Mode is a one-way, one-time thing.

Is that WINNT 4.0 Server a Backup Domain Controller?

-- 
Cary W. Shultz
Roanoke, VA  24014
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"Michael" <DaShard@home.com> wrote in message 
news:%23rbOzW6%23EHA.4092@TK2MSFTNGP09.phx.gbl...
> Cary, thanks. OK I made my DC02 and DC03 GC's as per your grand 
> suggestion. I have one location/domain/site.
> Thanks for the good Idea on the Support Tools - wish I'd had those last 
> week!
> I think I'm in mixed mode as I have 1 NT4.0 Server and 3 W2K Servers. - 
> how do I check/change?
> All my Clients are W2K Pro or XP Pro
>
> Thanks.
>
>
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message 
> news:%23gfaljv%23EHA.2584@TK2MSFTNGP09.phx.gbl...
>> DaShard!
>>
>> I think that you are probably correct in your thought process that it is 
>> a GC issue.
>>
>> Is your WIN2000 Active Directory environment in Native Mode or in Mixed 
>> Mode?
>>
>> Does DC01 hold all of the FSMO Roles ( there are five: two forest-wide 
>> and three domain-wide......Schema Master and Domain Naming Master and 
>> then the PDC Emulator, RID Master and Infrastructure Master )?
>>
>> Do you have WIN2000 and WINXP Pro clients only or do you also have some 
>> 'legacy' clients?
>>
>> If you have only one Domain / Tree / Forest then it is generally 
>> suggested that all Domain Controllers also be a Global Catalog Server. 
>> Now, the first DC will be a GC.  This you know.  How do you make the 
>> second and third DCs also Global Catalog Servers?  Easy!  Open up the 
>> Active Directory Sites and Services MMC.  Go to each DC under the SERVERS 
>> folder. Each DC should have a child object NTDS SETTINGS.  Simply right 
>> click that object and choose Properties.  On the General tab in the lower 
>> left corner you will see a check box labeled Global Catalog Server.  For 
>> DC02 and DC03 this check box will not be checked.  Check it!  It is also 
>> probably a good idea to reboot each DC once you do this, so you might 
>> want to do this on the weekend or after hours!
>>
>> I might also suggest to you that you install the Support Tools on all of 
>> your Windows 2000 Servers, no matter what role they play ( Domain 
>> Controller, Member Server running Exchange, Member Server running 
>> Terminal Server, etc. etc. etc. ).  There are some really neat tools. 
>> dcdiag, netdiag, nltest, repadmin, replmon and netdom are the tools that 
>> you would most likely use most often!
>>
>> If you can not script then I would suggest that you look at ADModify to 
>> help you when you have bulk changes to do.
>>
>> I would also suggest that you make use of ExMerge for any Exchange 2000 
>> related things that you might need.  It is a great tool.
>>
>> You might also want to go to Joe's web site at http://www.joeware.net and 
>> get oldcmp and adfind ( at the very least ).
>>
>> You might also want to get ALTOOLS.exe ( from the MS Web Site ) and make 
>> use of the Account Lockout Tools.  They are really nice.
>>
>> HTH,
>>
>> -- 
>> Cary W. Shultz
>> Roanoke, VA  24014
>> Microsoft Active Directory MVP
>>
>> http://www.activedirectory-win2000.com
>> http://www.grouppolicy-win2000.com
>>
>>
>>
>> "DaShard" <DaShard@home.com> wrote in message 
>> news:ejLA6fu%23EHA.2572@tk2msftngp13.phx.gbl...
>>> I have 3 Win 2K DC's.
>>>
>>> Whenever the first one that was set up is being rebooted or maintained 
>>> there appears to be very little resolutions on the rest of the network. 
>>> People can't login easily and the dead giveaway is that nothing happens 
>>> when you click the domain name in net neighborhood.
>>>
>>> I'm pretty sure it's to do with my lack of knowledge of GC's and the 
>>> like.... Help.
>>>
>>> What do I need to do to make my 2nd and 3rd DC act like one for local 
>>> network/domain resolutions.....
>>>
>>> thanks
>>>
>>
>>
>
>
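
Added example, not part of the original thread and not any poster's code: the two settings discussed above (domain mode and the Global Catalog check box) are also stored as directory attributes, so they can be audited from an export instead of clicking through each MMC. It reads ntMixedDomain on the domain object (1 = Mixed Mode, 0 = Native Mode) and bit 0 of the options attribute on each DC's NTDS Settings object (the Global Catalog flag). The LDIF-style export layout, the example.com domain and the site name are assumptions, and the sample data is constructed.

```python
# Constructed sample export (hypothetical names); DC02 has no 'options' value.
SAMPLE_LDIF = """\
dn: DC=example,DC=com
ntMixedDomain: 1

dn: CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
 CN=Configuration,DC=example,DC=com
objectClass: nTDSDSA
options: 1

dn: CN=NTDS Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
objectClass: nTDSDSA

dn: CN=NTDS Settings,CN=DC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
objectClass: nTDSDSA
options: 0
"""

def parse_ldif(text):
    """One {attr: [values]} dict per record; folded lines are unfolded first."""
    records = []
    for block in text.replace("\n ", "").split("\n\n"):
        rec = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep:
                rec.setdefault(attr.lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records

def domain_mode(records):
    """ntMixedDomain on the domain head: 1 = Mixed Mode, 0 = Native Mode."""
    values = [r["ntmixeddomain"][0] for r in records if "ntmixeddomain" in r]
    return {"1": "Mixed", "0": "Native"}.get(values[0] if values else None, "Unknown")

def gc_status(records):
    """Map DC name -> True when bit 0 of NTDS Settings 'options' is set."""
    status = {}
    for rec in records:
        if "nTDSDSA" in rec.get("objectclass", []):
            # The server name is the RDN directly above CN=NTDS Settings.
            server = rec["dn"][0].split(",")[1].split("=", 1)[1]
            # An absent 'options' attribute means no flags are set.
            status[server] = bool(int(rec.get("options", ["0"])[0]) & 1)
    return status

if __name__ == "__main__":
    recs = parse_ldif(SAMPLE_LDIF)
    print(domain_mode(recs), gc_status(recs))
```

A DC that shows False here is the situation described at the start of the thread: only the first DC carries the Global Catalog flag.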