So as I understand it from what people have sent back to me:

The only difference between running in mixed or native mode is that you
cannot have any NT 4 BDCs in native mode. Other than that, the domain
will behave similarly? If that's the case, are there any best practices
available for when to use native and when to use mixed? And along this
line, is there a security impact from those choices?

Tim Dozal
Lab Manager - ECSBU
Cisco Systems Inc.
e: [EMAIL PROTECTED]
p: (206)-256-2900 x3280
f:  (206)-256-3640


-----Original Message-----
From: Tomasz Onyszko [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, May 15, 2002 3:25 PM
To: Dozal, Tim; [EMAIL PROTECTED]
Subject: Re: Active Directory Security Migration Questions:


Dozal, Tim <[EMAIL PROTECTED]> wrote in his message:

> I am no AD expert but my experience is that in Mixed mode you will use
> NTLM (i.e. NT 4) authentication (plain text transmission) when
> connecting between hosts on the network.
Older NTLM authentication is used in both modes (mixed and native) when
the client can't use Kerberos v5 authentication, for example when you
connect with a regular Windows 98 client to a Windows 2000 Server which
is a member of an AD domain, and the Windows 98 client host is also a
member of this domain. Any non-Kerberos-enabled client will use NTLM v1
or v2 authentication.

> If your infrastructure has any non-Windows 2000/XP machines then you
> must use mixed mode.
From my experience that is not true. In native mode you can use legacy
non-Windows 2000 clients in your network. You just can't use a Windows NT
BDC on this network. In mixed and native mode you can use NTLM v1 or
v2 authentication if you don't disable this possibility through the
settings in the registry or through GPO.

Tomasz Onyszko



