I am no AD expert but my experience is that in Mixed mode you will use NTLM (i.e NT 4) authentication (plain test transmission)) when connecting between hosts on the network. If your infrastructure has any non-windows 2000/XP machines then you must use mixed mode. If you are building a whole new environment and have no need to connect to legacy OS's then you can run in native mode and take advantage of the higher level security of the Kerberos authentication model (I think MD5 crypto on the transmissions). Most migrations will not be able to do this because they are not replacing every host with a windows 2000 or newer OS.
I welcome people to expand on this for my own knowledge also. -Tim -----Original Message----- From: leon [mailto:[EMAIL PROTECTED]] Sent: Monday, May 13, 2002 5:50 PM To: [EMAIL PROTECTED] Subject: Active Directory Security Migration Questions: Hi I had a coworker ask me the following questions and I was unsure of the answers to most so I thought I might ask for some help. 1)��What does native mode bring in terms of granular user rights and group policy that mixed mode does not? 2)� Are there specific security advantages to using native mode over mixed mode? If so what are they? I really appreciate the help and thanks again. Cheers, Leon
