Sort of like "The directory situation has developed not necessarily to our advantage", to paraphrase Emporer Hirohito.
-gil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Friday, December 05, 2003 8:58 AM To: AD mailing list (Send) Subject: RE: [ActiveDir] Windows Server 2003 interim domain functional level ? Correct ... and simply to re-iterate, I would strongly advise against overriding the rules the UI enforces. They're there for a number of good reasons, the outcome would likely be less than desirable. Dean -- Dean Wells MSEtechnology * Tel: +1 (954) 501-4307 * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Solange Desseignes Sent: Friday, December 05, 2003 10:25 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Windows Server 2003 interim domain functional level ? Thank you Dean ! If I have understood, in "2003 interim" domain functional level : - Normally, ntMixedDomain="1" and the group nesting rules are the same as in "2000 mixed" domain functional level. - But, it is possible to set manually the ntMixedDomain attribute to "0" (not a correct use and with some disadvantages), then the group nesting rules are the same as in "2000 native" domain functional level. Right ? Solange Desseignes -----Message d'origine----- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de Dean Wells Envoyé : vendredi 5 décembre 2003 16:18 À : AD mailing list (Send) Objet : RE: [ActiveDir] Windows Server 2003 interim domain functional level ? The value should be 1. The UI will enforce an nTMixedDomain value of 1 and will prevent the use of domain (and subsequently forest) functional level 1 if this value does not prevail. However, the nTMixedDomain attribute is not particularly well protected by the DSA and can be manually set to 0 once the domain functional level has been increased, sadly, allowing use of Universal Groups etc. at a functional level indicating that NT4 BDCs are still permissible. I've not tested this nasty configuration with NT4 BDCs present primarily because I feel one or more of the following is likely and, at least in my world, it provides no obvious advantages - * NT4 BDC downlevel replication from the PDC FSMO will fail * Authentication for downlevel clients will become non-deterministic Regarding your second question, group nesting limitations are imposed by the nTMixedDomain attribute not the msDS-Behavior-Version and are, as such, limited to mixed mode constraints when correctly paired with the domain functional level or native mode constraints if you decide to violate the rules as described above. HTH Dean -- Dean Wells MSEtechnology * Tel: +1 (954) 501-4307 * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Solange Desseignes Sent: Friday, December 05, 2003 9:34 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Windows Server 2003 interim domain functional level ? Hi, I have two questions about "Windows Server 2003 interim" domain functional level : 1. I have read that in "2003 interim" domain functional level the "msDS-Behavior-Version" attribute of the domain entry in Active Directory is set to "1", but what is the value of the "ntMixedDomain" attribute ? 2. I can find clear information on the nesting groups rules in "2003 interim" domain functional level ? What are these rules ? The same as in "2000 native" or the same as in "2000 mixed" ? Thanks in advance for your answers... Solange Desseignes List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
