Solved

What are the cons when change functionality level from mixed to native mode?

Posted on 2007-11-26
1
261 Views
Last Modified: 2012-05-05
We have a Windows Server 2003 forest that currently contains 8 domain controllers running Windows 2003 server, standard edition, sp2.  Two of these controllers are our ADC and BDC that also function as our DNS and WINS servers.  We also have several member servers which are a combination of Windows Server 2003, standard edition, sp2; WIndows Server 2003 R2, standard edition, sp2; Windows 2000 server, sp4.

Our Forest and domain controllers all currently run in "mixed" mode.  We'd like to change the functionality level to "native" mode for all domain controllers and the forest.  There are NO NT Servers in this Forest.

What, if any, problems can we expect when making this change?  Any residual problems afterward?
0
Comment
Question by:FUSDtech
1 Comment
 
LVL 70

Accepted Solution

by:
KCTS earned 250 total points
ID: 20354542
In mixed mode you can have NT, 2000 and 2003 Domain controllers an they will replcate properly. In Win2K mode NT Domain contollers cease to function. In Win2003 Nativem Any Windows 2000 Domain Controllers won't replicate properly.

If you dont have any NT or 2000 Domain controllers its not an issue - member servers don't matter only Domain Controllers - so you can raise both the domain and forest functional levels to Windows 2003 Native.

BTW. You dont have PDC and BDCs in Windows anymore - all copies of active directory are updateable. Changes can be made on any DC and they replicate to the others. By default on DC (the first one), holds certain operations master roles (including a PDC emulator for comapatibility), but there is not such thing as a BDC anymore.

0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question