I have one forest and one domain, at the 2000 functional level. My first/main domain box is 2003 R2 (it holds all the FSMO roles), and I have two replicating servers. One is in a remote office over a manual IPSec tunnel, running on a 2003 R2 machine, and one is within the same LAN as the first/main DC box; it is running on 2000 SP4 and is also replicating. They are all GCs, and all run DNS servers that are AD integrated and are set to see their own DNS servers first. I noticed that more and more of my machines are being authenticated by the 2000 box, which I understand is an okay thing due to the AD design/model. I even noticed my new Exchange box is now being authenticated by that 2000 box. I know I can make some registry changes to set the first/main DC as my authenticating server, but I don't think I need to do that.
One question I have about that authentication behavior: besides the first/main DC being busy during an authentication request, is it possible that the location of the servers on the four uplinked switches, relative to the machines making the logon authentication request, makes a difference in which one they authenticate to?
My main question, though, is this: I plan on demoting the 2000 DC box so that I can change my functional level to 2003. What happens to the machines being authenticated by that 2000 DC box when I do that while they are logged in, whether they are working or not? What happens to my Exchange/email box/functionality that is authenticating to that 2000 box? I know this may be obvious, but I want to hear it from experts. My plan is to do this late on a Friday and ensure users reboot and my Exchange box is rebooted once done, but what happens if I were to do this during the work day, and is my plan required/best practice or not?
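Added example, not part of the original post: a cmd batch script with the checks a practitioner would run around a demotion like this. On a client (workstation or the Exchange box) it shows which DC the machine's secure channel is with; the DC locator picks that DC from the client's IP subnet-to-site mapping and the DNS SRV records, not from which switch the machine hangs off. On the main DC it runs the pre-demotion sanity checks (DC/GC list, FSMO owners, replication health, SRV records) and the post-demotion confirmation. The domain name contoso.local and the DC names DC1 and DC2000 are placeholders; nltest, netdom, repadmin and dcdiag are from the Windows Server 2003 Support Tools, and dsquery is built into Server 2003.

```batch
@echo off
setlocal
rem Added example, not from the original post. Assumed (placeholder) names:
rem   domain contoso.local, main DC DC1, the Windows 2000 DC being demoted DC2000.
set DOMAIN=contoso.local
set MAINDC=DC1
set OLDDC=DC2000

if "%1"=="client"     goto client
if "%1"=="predemote"  goto predemote
if "%1"=="postdemote" goto postdemote
echo Usage: %~nx0 client ^| predemote ^| postdemote
goto :eof

:client
rem Run on a workstation or on the Exchange box.
echo Logon server recorded at logon: %LOGONSERVER%
rem Site the locator places this machine in (from IP subnet-to-site mapping, not switch port)
nltest /dsgetsite
rem DC the locator would pick right now; /force bypasses the cached answer
nltest /dsgetdc:%DOMAIN% /force
rem DC this machine's secure channel currently points at (the "authenticating" DC)
nltest /sc_query:%DOMAIN%
goto :eof

:predemote
rem Run on the main DC before running dcpromo on the 2000 box.
rem 1. Every DC, and every GC, the forest knows about
dsquery server -forest
dsquery server -forest -isgc
rem 2. All five FSMO roles must sit on the main DC, not on the box being demoted
netdom query fsmo
rem 3. Replication must be clean; any error here means do not demote yet
repadmin /showrepl
dcdiag /test:replications
dcdiag /test:fsmocheck
rem 4. SRV records clients use to find DCs and GCs; %OLDDC% is expected here before demotion
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%
nslookup -type=SRV _gc._tcp.%DOMAIN%
goto :eof

:postdemote
rem Run on the main DC after dcpromo has finished on the 2000 box.
rem %OLDDC% must no longer appear in the DC list, the SRV records, or replication partners
dsquery server -forest
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN%
repadmin /showrepl
rem A client still holding a secure channel to the old box can be re-targeted
rem without a reboot, run on that client:
rem   nltest /sc_reset:%DOMAIN%\%MAINDC%
rem Only once no Windows 2000 DC remains can the domain functional level be raised
rem (Active Directory Users and Computers or Active Directory Domains and Trusts).
goto :eof
```

Run `dccheck.cmd client` on a machine you suspect is using the 2000 box, and `dccheck.cmd predemote` on the main DC; if replication or FSMO checks report errors, fix those before running dcpromo on the 2000 DC, then confirm with `dccheck.cmd postdemote`.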