Perfect sense, thank for the reply. Understand about Lanman rep to downlevel versions.
What effect would it have if a DC was authorativelly restored pre native mode and the other dc's were native mode? This presumes no group nesting had taken place. On the DC, the built in groups (scema admin, ent admin) that had become USG, would be DGG allready. This would re-introduce a value of 1 in the nTMixedDomain attrib on the domain NC. Would the domain "shift back" to mixed mode? Thanks for your time so far Jorge. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: 21 April 2005 01:17 PM To: 'Nicolas Blank '; '[EMAIL PROTECTED] '; '[email protected] ' Subject: RE: [ActiveDir] Native Mode Switch As you know, changing the mode or FL switch to an upper level introduces new features. One of the consequences is that the DCs will not accept Lanman repl which is used by legacy DCs (NT4). Some of the features that are introduced are also not supported by NT4 DCs. One of the examples is UNIVERSAL SECURITY GROUPS (USGs) (group nesting is another). USGs only exist in at least DFL w2k native mode. If you switch to native mode and create USGs and use them to secure resources. Lets say that you want to go back to mixed mode... you would need to first undo all new introduced functionalities like the USGs and the group nesting. Does this make sense? #JORGE# -----Original Message----- From: [EMAIL PROTECTED] To: [email protected] Sent: 4/21/2005 12:03 PM Subject: RE: [ActiveDir] Native Mode Switch I hear you. I do know what the switch achieves in terms of functionality, I understand the litterature, have done this, have explained the same to clients, however I am faces with the Question of Why this is a non reversible switch? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: 20 April 2005 09:07 PM To: 'Nicolas Blank '; Jorge de Almeida Pinto; '[email protected] ' Subject: RE: [ActiveDir] Native Mode Switch Manually re-writing the attribute will not work. Also see: http://support.microsoft.com/kb/322692 http://www.petri.co.il/understanding_function_levels_in_windows_2003_ad. htm Jorge -----Original Message----- From: Nicolas Blank To: 'Jorge de Almeida Pinto'; [email protected] Sent: 4/20/2005 8:25 PM Subject: RE: [ActiveDir] Native Mode Switch Thanks for the answer. This is understood, however, what are the implications of manually re-writing the nTMixedDomain value back to 1? Also, what actions does a DC take once the value change is efected that makes the cange non-reversible? -----Original Message----- From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED] Sent: 20 April 2005 08:17 PM To: 'Nicolas Blank '; '[EMAIL PROTECTED] '; '[email protected] ' Subject: RE: [ActiveDir] Native Mode Switch When you convert the domain to native mode the attribute nTMixedDomain on the domain NC head of the replica where the change is made is changed from 1 to 0. This change replicates out to all other replicas. There is no way you can change this attribute back without doing a disaster recovery for the domain. The main thing here is that you don't have legacy DCs in the domain anymore!!! I can think of the following solutions to test the change of the mode switch: * Create a copy of the particular machine with the SNA application and test that in a test environment * Create a full backup of the particular DC with the SNA app, disable OUTBOUND replication for that DC (REPADMIN) and change the mode switch. If something goes wrong restore the DC and enable replication again (the latter is needed as the restored DC will receive the disabled state from the other DCs. Jorge -----Original Message----- From: [EMAIL PROTECTED] To: [email protected] Sent: 4/20/2005 7:30 PM Subject: [ActiveDir] Native Mode Switch Sorry, hijacked the topic by mistake. Appologies. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicolas Blank Sent: 20 April 2005 07:21 PM To: [email protected] Subject: RE: [ActiveDir] GC's Eric,Joe,Al,Carlos,Guido Question for you guys and the wider audience. What happens EXACTLY in Win2k on a DC(s) when the native mode switch is pushed, and what are the ramifications of changing the attribute back to reflect mixed mode one this has happened? I have a customer with a nervous disposition that doesn't believe me when I say there ain't no way back that's supported without doing a AD DR. Background is a business critical SNA application that HAS to live on a DC. MS is cool about switching to native, but customer is REALLY nervous. Any insight will be appreciated. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
