RE: [ActiveDir] Mixed Exchange and Mixed AD Modes

[joe]

Title: Message

I wouldn't completely agree with you as I have seen a case to the otherwise, but mostly I agree with you. :o)   My main thing I tell people, test in the lab with your primary LOB stuff and make sure you don't get impacted there before setting your world on fire.     joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GRILLENMEIER,GUIDO (HP-Germany,ex1) Sent: Tuesday, February 10, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Mixed Exchange and Mixed AD Modes switching to native doesn't change the security model (other than allowing you to do new things, such as the creation of universal security groups and leveraging SIDhistory).    Apps would have failed already, after you've inplace-upgraded your NT4 domain to 2000 and at this stage only have 2000 DCs left over => so if you had an app in your environment that can't work with the new AD security, you'd already have noticed it by now (the "new AD security" referrs to things such as requiring authentication to browse the directory - which you may still have enabled by having the "everyone" well-known-security-principal nested in the "Pre-Windows 2000 Compatible Access" group).   Same goes for Citrix - if you don't have any problems now (which I doubt you'd have with Citrix), you won't have any when switching to native mode either.    /Guido From: Jb Leney [mailto:[EMAIL PROTECTED] Sent: Dienstag, 10. Februar 2004 16:39 To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Mixed Exchange and Mixed AD Modes Excellent point Rich...I will have to dig around and see of we have any strange legacy apps that will fail.   Offhand, anyone know if Citrix has problems against Native mode? (I know, very generic question; I am not the Citrix admin here...)   Thanks,     Justin L. x4903 -----Original Message----- From: Rich Milburn [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 9:58 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Mixed Exchange and Mixed AD Modes Make a last check that you don’t have any older software that might be doing authentication that looks for an NT PDC, and that you don’t have any strange stuff that must be run on a DC.  I’ve seen a security admin package break when I switched to Native mode – native mode changes the security model for the domain and can sometimes break poorly written apps that do old-style authentication against NT.  Sorry I’m not being more specific on that, but I can’t recall the specifics of what changes as quickly as someone else here could probably point it out (please do people J ).  If you don’t have this concern either then I don’t know of any other issues you’d have. Rich   From: Celone, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 8:12 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Mixed Exchange and Mixed AD Modes   Should not be a problem at all.  You only need to stay in Mixed Mode if you have NT4 DCs which you don't.  External trusts will still work also.   Mike Celone Systems Specialist Radio Frequency Systems v 203-630-3311 x1031 f 203-634-2027 m 203-537-2406     From: Jb Leney [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 8:57 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Mixed Exchange and Mixed AD Modes Hi, this is a (hopefully) quick question that I have not had much luck researching.   We're running Exchange 5.5 and Exchange 2000. Our domain is in Mixed mode.   We have a business need to go to Native mode very soon, maybe even today.   We have no more NT4 DC's, although we do have two-way trusts with several NT4 domains.   Question: Will flipping the switch to Native mode negatively impact our Exchange site and/or any trust relationships?   Any advice would be greatly appreciated!   Thanks,   -Jbl     -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.