Announcement

Collapse
No announcement yet.

Reasons for 2000 Mixed to 2000 Native mode

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Reasons for 2000 Mixed to 2000 Native mode

    Hi,

    I would like to know reason for upgrading the domain functional level from windows 2000 mixed mode to windows 2000 Native mode. I'm gonna use ADMT 3.0 for migration from windows 2000 to 2003. Is there any other reason apart from the below one for raising the Windows 2000 mixed to native mode.

    "---
    If the functional level of the source domain is Windows 2000 mixed, ADMT cannot transform the global group into a universal group because universal groups cannot exist at that functional level. Even if the target domain is in native mode, however, users in mixed mode domains would not get the SIDs of universal groups in their access tokens, if the groups are from outside the domain. Therefore, ADMT creates a copy of the global group in the target domain and adds all migrated users to the copy of that group. This group has a new security identifier (SID) and no SID history. This method does not preserve access to resources unless you run the ADMT Security Translation Wizard in Add mode to update permissions, which delays and complicates the migration process. For this reason, it is not recommended that you restructure domains that are operating at the Windows 2000 mixed domain functional level or the Windows Server 2003 interim domain functional level. ---"

    Thanks!
    Last edited by EzakialL; 25th October 2008, 06:56.

  • #2
    Re: Why should you raise the Domain Functional level from 2000 Mixed to 2000 Native m

    As you have already quoted, 2000 Native mode gives a number of features:
    1) Select multiple user objects. Modify attributes of lots of user all in one go. This feature actually works like NT 4.0's User Manger. For a variety of reasons, multiple selection was not availably in W2K which made it tedious to change several users home directory in one operation.

    2) Drag-and-drop ability. One irritation of W2K is that you cannot drag and drop users and computers between OUs. This has been corrected in the latest Active Directory.

    3) Save your queries. Tip save search queries that you use often in Active Directory Users and Computers, it saves time when you have to repeat the query later.

    4) Application directory partitions. Useful for controlling the replication scope for DNS (Domain Name System) data stored in Active Directory so that only specific domain controllers in the forest replicate DNS zone information.

    5) Universal group membership cached. Avoid the need to locate a global catalog across a WAN link during logons by storing user universal group memberships on an authenticating domain controller.
    From: http://www.computerperformance.co.uk...xedvnative.htm
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Reasons for 2000 Mixed to 2000 Native mode

      Really appreciated. Thank you very much.

      Comment


      • #4
        Re: Why should you raise the Domain Functional level from 2000 Mixed to 2000 Native m

        Originally posted by EzakialL View Post
        Hi,

        I would like to know reason for upgrading the domain functional level from windows 2000 mixed mode to windows 2000 Native mode. I'm gonna use ADMT 3.0 for migration from windows 2000 to 2003. Is there any other reason apart from the below one for raising the Windows 2000 mixed to native mode.

        "---
        If the functional level of the source domain is Windows 2000 mixed, ADMT cannot transform the global group into a universal group because universal groups cannot exist at that functional level. Even if the target domain is in native mode, however, users in mixed mode domains would not get the SIDs of universal groups in their access tokens, if the groups are from outside the domain. Therefore, ADMT creates a copy of the global group in the target domain and adds all migrated users to the copy of that group. This group has a new security identifier (SID) and no SID history. This method does not preserve access to resources unless you run the ADMT Security Translation Wizard in Add mode to update permissions, which delays and complicates the migration process. For this reason, it is not recommended that you restructure domains that are operating at the Windows 2000 mixed domain functional level or the Windows Server 2003 interim domain functional level. ---"

        Thanks!
        Yes a very Simple answer why :
        ADMT 3 prerequisites:
        All target domains must be operating at the Windows 2000 native or Windows Server 2003 functional level.

        Comment

        Working...
        X