I'm working on a domain that has two Windows 2003 domain controllers and one Windows 2008 domain controller. The dev team needs to sync ldap info with another system and they requested SHA or MD5 encryption for this sync.
I discovered that the domain is running on functional level Windows 2000, with two 2003 DC's and one Windows 2008 DC.
SHA is part of AES correct? Since I have a 2008 box, will the domain accept authentication tickets using SHA? Is there a way to check which etypes are currently supported by the DC's?