Re: Rollback to NT4 domain from 2000 mixed mode


From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: Fri, 03 Dec 2004 17:32:19 GMT

OK Todd.

You do not have to worry about Kerberos as XP Pro/W2000 computers can
fall back to LM/NTLM/NTLMv2 authentication if Kerberos cannot be used. This
will even happen on an AD domain if you use the IP address of a computer
instead of its computer name to access a share. Look in Security Options
and you will see the option for "LAN Manager authentication level" which is
used to configure downlevel authentication. An NT4.0 domain controller can
use NTLMv2 as long as at least SP4 is installed on the computer. Good
luck. --- Steve

"Todd B" <tbergman@goisg.com> wrote in message
news:Oc%23Br$T2EHA.3408@tk2msftngp13.phx.gbl...
> Thank you very much for your response. I am very familiar with the tools.
> There are corrupt tables in ntds.dit. The customer does not have any valid
> backups. My one option is rollback. They have all XP & 2000 clients so the
> trick is disabling Kerberos and whatever it is to allow 2K & XP clients to
> authenticate to a rollback NT4 PDC.
>
> thanks
> -Todd Bergman
>
> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
> news:aeUrd.182299$HA.128896@attbi_s01...
>> This is more of an Active Directory question than Group Policy so I
>> encourage you to also post in the win2000.Active_directory newsgroup.
>> Having said that, it would be helpful if you post why you think your Active
>> Directory is corrupt, including any pertinent info from Event Viewer.
>> Somebody may be able to help you solve your problem. I would also try to
>> do a backup of the System State ASAP of your domain controller so that
>> you have at least something in case things get worse as you try repairs
>> or a rollback. There are ways to try and repair the ntds.dit file that
>> stores Active Directory using ntdsutil.exe, which may be something to look
>> at as shown in the first link below if you believe that is the problem.
>> The second link shows how to roll back a W2K mixed mode domain to an NT4.0
>> domain for the purpose of renaming the domain, but the procedure may be
>> what you are looking at also. DNS misconfiguration can also be a cause of
>> many problems in an Active Directory domain, and the support tools netdiag
>> and dcdiag [for domain controllers only] can be very helpful in
>> diagnosing problems. Also, if you applied any security templates that may
>> have included incompatible security changes for your domain configuration,
>> or enabled an IPsec policy on the domain, that can be a cause of a lot of
>> problems if you still have downlevel BDCs. The third link below covers that
>> topic. --- Steve
>>
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;315131 --
>> ntdsutil.exe
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;292541 --
>> rollback W2K mixed to NT4.0
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;823659 --
>> security setting incompatibilities.
>> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 --
>> Active Directory dns FAQ.
>>
>> "Todd B" <tbergman@goisg.com> wrote in message
>> news:O%23HdE%23O2EHA.204@TK2MSFTNGP10.phx.gbl...
>>> Have corrupt 2000 AD, no backups, mixed mode with NT4 BDCs. Have 2K & XP
>>> clients.
>>> AD is still online; might be able to push policy to turn off Kerberos or
>>> something.
>>>
>>> Anyone have a way to roll back to NT4 without having to re-add these
>>> clients to the domain?
>>>
>>> Help...
>>>
>>> Thanks,
>>>
>>> Todd Bergman
>>> System Engineer ISG
>>> mailto:tbergman@goisg.com
>>>
>>
>>
>
>
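Added example, not part of the original thread and not written by either poster: a PowerShell script that reads the local LmCompatibilityLevel value behind the "LAN Manager authentication level" security option Steve points to, and works out, for every client/DC combination of the six documented levels (0-5), whether a 2000/XP client still offers a downlevel response type that the DC is willing to validate. The registry path and the meaning of each level are Microsoft's documented ones. Two assumptions are made: an absent value is treated as level 0 (the Windows 2000/XP default of that era; later Windows versions default higher), and the NT 4.0 SP4 PDC is assumed to be controlled by the same value name under its Lsa key.

```powershell
# Added example (not from the original thread). Interprets the
# "LAN Manager authentication level" security option, stored as the
# LmCompatibilityLevel DWORD under the LSA key, and predicts whether a
# client at one level can still authenticate to a DC at another level.

$LmLevels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only, refuse LM'
    5 = 'Send NTLMv2 response only, refuse LM & NTLM'
}

# Response types a client at the given level puts on the wire.
function Get-ClientOffers {
    param([int]$Level)
    if ($Level -le 1) { return @('LM', 'NTLM') }
    if ($Level -eq 2) { return @('NTLM') }
    return @('NTLMv2')
}

# Response types a DC at the given level is still willing to validate.
function Get-ServerAccepts {
    param([int]$Level)
    if ($Level -le 3) { return @('LM', 'NTLM', 'NTLMv2') }
    if ($Level -eq 4) { return @('NTLM', 'NTLMv2') }
    return @('NTLMv2')
}

# Authentication can succeed when the client offers at least one response
# type the DC accepts.
function Test-LmCompatibility {
    param([int]$ClientLevel, [int]$ServerLevel)
    $accepts = @(Get-ServerAccepts -Level $ServerLevel)
    foreach ($offer in @(Get-ClientOffers -Level $ClientLevel)) {
        if ($accepts -contains $offer) { return $true }
    }
    return $false
}

# Effective level of the machine this runs on. The value is absent until
# policy or an admin sets it. Assumption: an absent value is read as 0,
# which was the Windows 2000/XP default.
function Get-LocalLmLevel {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $item = Get-ItemProperty -Path $key -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.LmCompatibilityLevel
}

$local = Get-LocalLmLevel
"Local LmCompatibilityLevel = $local ($($LmLevels[$local]))"
if ($local -le 2) {
    "This machine still sends LM or NTLMv1 responses; raise it to 3 or above once every DC (NT 4.0 needs SP4+) handles NTLMv2."
}

# Client level down the side, DC level across the top. XX marks the
# combinations where the DC refuses every response type the client sends.
""
("{0,-8}" -f 'Cli\DC') + ((0..5 | ForEach-Object { "{0,4}" -f $_ }) -join '')
foreach ($c in 0..5) {
    $cells = 0..5 | ForEach-Object {
        if (Test-LmCompatibility -ClientLevel $c -ServerLevel $_) { "{0,4}" -f 'ok' } else { "{0,4}" -f 'XX' }
    }
    ("{0,-8}" -f $c) + ($cells -join '')
}
```

Reading HKLM needs no elevation, so this can run on any client before the rollback. The matrix makes the practical point of the thread visible: a DC at level 4 still authenticates level 0/1 clients because they also send an NTLM response alongside the refused LM one, so the only combinations that break are a DC at level 5 facing clients left at 0, 1 or 2. Push the client level through the Security Options policy Steve names, and confirm the NT 4.0 PDC is at SP4 or later before setting anything above 2 on the clients.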


