All,

Please help me resolve a "discussion" with some strong opinions on both
sides of the camp.  You see, our reading on the role of the PDC Emulator in
regard to a mixed-mode domain with downlevel clients (we're not upgrading
the NT4.0 client software) has left us with differing interpretations.

We agree and understand that the PDC Emulator is contacted directly by the
downlevel clients to change their passwords.  We also understand and agree
that the PDC Emulator is the source of SAM replication.

Our disagreement is in authentication.  Some folks are reading it as all
downlevel client activity, including authentication, is done at the PDC
emulator.  Others read this as the downlevel client is authenticated by the
domain controller that responds first (or the last time the client was
authenticated [we're also a bit unclear on that concept]).

To me, this is very clear (but I could be the cause of the confusion).  In
a branch office environment running mixed mode we would have a combination
of Win2k and NT4.0 domain controllers in the field offices.  The NT4.0
BDCs are not aware of the fact that they're really part of an AD domain
and nor would the clients.  Thus, if the clients don't know about AD, and
the BDC doesn't know about AD, how would the client know that it had to
contact the PDC emulator to be authenticated?  It wouldn't.  Hence,
downlevel client authentication must occur at any domain controller (again,
the one that responds first [or the last one]).


Please help clear this up and please include a link to something that helps
clear this up.


Thanks,
Mike Baudino





List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
