Re: Native Mode possible problems...help!

From: Todd J Heron (todd_heron_no_spam_at_hotmail.com)
Date: 11/02/04 

Date: Mon, 1 Nov 2004 23:12:23 -0500

Let me clarify a bit - I hit the Send button too fast. Anyone who changes
their password will still be able to logon to an NT 4.0 - but using their
old password. The Windows 2000 DC will only accept the new password, for
obvious reasons. And the users will not know (unless they are
technically-savvy), which DC authenticated them. Now ask yourself, would
you want to have this happening in your network, just for the sake of
leaving old NT 4.0 BDC's around?

Secondly, NT 4.0 workstations will slowly begin to reset their computer
password with the PDCE (the default for NT 4.0 is 7 days), but when they
later try to authenticate against one of the NT 4.0 BDCs, their secure
channel will fail and the user will not be able to logon to the domain at
all, with either the old or new password. 

-- 
Todd J Heron, MCSE
Windows 2003/2000/NT
"Todd J Heron" <todd_heron_no_spam@hotmail.com> wrote in message 
news:OJBueEJwEHA.1564@TK2MSFTNGP09.phx.gbl...
> They NT 4.0 domain controllers will still be able to authenticate users, 
> but they will contain domain information which will slowly start to become 
> out-of date, as the native-mode domain controllers running Windows 2000 
> Server will no longer share information with them, so for example anyone 
> who changes their password may not be able to access domain resources if 
> their logon hit an old DC.  In fact, they may not be able to logon at all 
> depending on which DC answers the authentication call first.  Workstations 
> will slowly start to lose their secure channel with the domain.   In 
> short, odd authentication errors will start occurring.
>
> Why not just upgrade the BDCs to Windows 2000 Server?
>
> -- 
> Todd J Heron, MCSE
> Windows 2003/2000/NT
>
> "Brad" <brad@redbeards.net> wrote in message 
> news:3cb49ab6.0411011711.69040ced@posting.google.com...
>> Hello,
>> I'm hoping someone can shed a little light on this subject.  At my
>> work, we are trying to get to a pure native mode environment.
>> Currently, we have two domain controllers running Windows Server 2000.
>> We also have about 7 old NT servers acting as BDC's.  Thus, we are
>> running in a mixed-mode environment.  My question is if I "flip the
>> switch" to native mode, will those 7 other NT BDC's (which are on the
>> same domain) be able to authenticate...meaning will they be able to
>> see the rest of the domain.  I understand users won't be
>> authenticating to them, I just want to make sure the NT servers will
>> still work.  For instance, the one is doing file sharing.  Will users
>> still be able to get to those files or will these NT BDC's just drop
>> off the domain?  Thanks for any help.
>
>