Name

native mode

Synopsis

A domain mode that supports only Windows 2000 domain controllers and not downlevel Windows NT ones.

Description

When you create a new Windows 2000 domain, either by installing a fresh copy of Windows 2000 Server on a computer and promoting it to the role of domain controller or by upgrading the PDC of an existing Windows NT domain, the resulting Windows 2000 domain is set by default to operate in mixed mode to support downlevel Windows NT domain controllers. Once your Windows NT domain has fully migrated to Windows 2000, there are several reasons why you should change the domain to native mode—a mode that does not support backward compatibility with Windows NT domain controllers. The main reason is that native mode supports the following features that mixed mode does not:

  • Universal groups (mixed mode supports only global and domain local groups)

  • Nesting of groups beyond a single level

  • Automatic transitive trusts between domains in a tree

  • Kerberos v5 as the network authentication protocol, instead of NTLM

Tip

For information on mixed mode, see mixed mode later in this chapter. For information on converting modes, see domain.

Notes

  • If a domain is running in native mode, users cannot log on to the network unless a global catalog server is available for them to connect to.

  • You can switch a domain from mixed mode to native mode, but not the reverse.

  • It’s OK to have some domains running in native mode and others in mixed mode during the migration process. Clients will still ...
