Re: Switch from mixed to native mode : risks ?

I have never seen or heard anything that might have problems by increasing
the mode. HOWEVER, each environment is different! Want to be sure? Test it
in a test environment that represents your production env.
Before making the switch have backups of all DCs (always a good idea!!!)
OR
have a DC offline before making the switch

if everything is OK connect the disconnected DC

if you have troubles, shutdown all DCs, re-introduce the DC that was
disconnected, seize the FSMO, cleanup metadata of other DCs, forcedemote the
other DCs (offline) and promote them again

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"DavidG" <DavidG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:09923EAF-55C5-4C4F-A514-E59F1B65EACD@xxxxxxxxxxxxxxxx
Hi,

I want to switch my domain to native mode.
When i read the "help", i find these informations :

"Several things happen when you raise the domain functional level to
Windows
2000 native:
. Domain controllers no longer support NTLM replication.
. The domain controller that is emulating the PDC operations master cannot
synchronize data with a BDC running Windows NT 4.0 or earlier.
. Domain controllers running Windows NT 4.0 and earlier cannot be added to
the domain. You can add new domain controllers running Windows 2000 or
Windows Server 2003.
. Users and computers using previous versions of Windows begin to benefit
from the transitive trusts of Active Directory and can access resources
anywhere in the forest with the appropriate permissions. Although previous
versions of Windows do not support the Kerberos V5 protocol, the
pass-through
authentication provided by the domain controllers allows users and
computers
to be authenticated in any domain in the forest. This enables users or
computers to access resources in any domain in the forest for which they
have
the appropriate permissions. "

I want to know if there is any risk for :
- applications on my DC's (like SQL server)
- applications on member servers (ISA, SQL, ...)
- clients : NT4 Workstations or NT4 Servers

I think that there is no risk, while i do not remove "anonymous" and
"everyone" from" Pre-windows 2000 compatible access" group, but i prefer
to
be sure before click.

Thanks.

"Vincent Xu [MSFT]" wrote:

Hi,

I will appreciate if you describe this issue in detail with any example.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security


When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
Thread-Topic: Switch from mixed to native mode : risks ?
thread-index: AcZA9ZC+JqRJ7ndhQ5yWaDEepo/75A==
X-WBNR-Posting-Host: 80.118.177.29
From: =?Utf-8?B?RGF2aWRH?= <DavidG@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <B819B09E-F176-40CC-8C72-7B8B45A8F1D0@xxxxxxxxxxxxx>
<jcWC9CMQGHA.6016@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Switch from mixed to native mode : risks ?
Date: Mon, 6 Mar 2006 00:11:26 -0800
Lines: 74
Message-ID: <BB2A1CDF-E21B-42D1-9319-F6844942E888@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA03.phx.gbl
microsoft.public.windows.server.migration:22729
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration

Hi,

Perhaps my question was not clear : I want to know which impacts there
is
when i switch to native mode.
I'm worry about applications, but I think that there is no link between
native mode and application authentication.

Thanks.

"Vincent Xu [MSFT]" wrote:

Hi,

So far I didn't hear any potential issue associated with you
scenario.

Thanks.

Best regards,

Vincent Xu
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

When responding to posts, please "Reply to Group" via your newsreader
so
that others may learn and benefit from your issue.

This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
Thread-Topic: Switch from mixed to native mode : risks ?
thread-index: AcY+qAnTqkulxTKfQoeInzMkSdRDmQ==
X-WBNR-Posting-Host: 80.118.177.29
From: =?Utf-8?B?RGF2aWRH?= <DavidG@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Switch from mixed to native mode : risks ?
Date: Fri, 3 Mar 2006 01:51:27 -0800
Lines: 15
Message-ID: <B819B09E-F176-40CC-8C72-7B8B45A8F1D0@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA03.phx.gbl
Xref: TK2MSFTNGXA03.phx.gbl
microsoft.public.windows.server.migration:22707
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration

Hi,

I have questions about switching my domains to native mode.
I have several domains in mixed mode, and i want to switch them to
native
mode. I know that i can have problems ik i keep off "Anonymous
logon"
and
"Everyone" from the "Pre-windows 2000 compatible access". I do not
want
to
change this for the moment because i must finish the applications
compatibility tests before.
So I want to know the risk to switch to native mode : is there any
potentially problems with applications access ? the risks concerns
only
applications which run on my DC's ?
I have no more NT4 BDC and all my DC's are W2K3.
I have still NT4 Members.

Thanks in advance.








.

Relevant Pages

  • Re: Switch from mixed to native mode : risks ?
    ... Before making the switch have backups of all DCs ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... I want to switch my domain to native mode. ... I want to know if there is any risk for: ...
    (microsoft.public.windows.server.migration)
  • Re: Switch from mixed to native mode : risks ?
    ... restore actions are within the scope of the domain by restoring all DCs ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... Before making the switch have backups of all DCs ... I want to switch my domain to native mode. ...
    (microsoft.public.windows.server.migration)
  • RE: Switch from mixed to native mode : risks ?
    ... I want to switch my domain to native mode. ... "Several things happen when you raise the domain functional level to Windows ... I want to know if there is any risk for: ...
    (microsoft.public.windows.server.migration)
  • Windows Active Directory Native Mode Question
    ... I have a question about making the switch to Native mode. ... mix mode domain with 2 windows 2000 domain controllers and I also have one nt ...
    (microsoft.public.windows.server.migration)
  • Re: Trying to DUMP Windows.... But
    ... this was also my motivation to switch over. ... simply start and see by installing Linux on top of your existing windows. ... Without any risk, you can easily use virtualbox for the task. ... Vista on top of Ubuntu, just for the few cases, where you prefer Windows. ...
    (Ubuntu)