I really thought that it was per DC. I understood that NT4 boxes and similar will simply not be able to authenticate to any 2008 R2 DC. We did the same upgrade 2.5 years ago. We had a few NT4 workstations, but we removed them from the domain or retired them before the upgrade. This article seems to support what I'm saying without being specific. I skimmed it, but I'm also understanding that with a Windows 2008 DC you can change the setting, but not on Windows 2008 R2: http://support.microsoft.com/kb/942564
One other thing to watch out for which is not so widely known is that if you have ever done an authoritative restore on the Windows 2003 domain, you need to install this patch beforehand to avoid certain issues with RDP and I think a few other things. See the Cause section: http://support.microsoft.com/kb/939820 Charlie Sullivan Sr. Windows Systems Administrator From: [email protected] [mailto:[email protected]] On Behalf Of Phil Hershey Sent: Sunday, February 09, 2014 11:00 AM To: [email protected] Subject: [NTSysADM] AD 2003 -> 2008 Transition Have a number of 2003 DCs in a 2003 Native Mode forest. We've finally committed to upgrading to 2008 R2. Done the schema extensions, but I have a concern about the issue raised in a KB that I now cannot track down about the NT4-mode authentication no longer functioning. We haven't had an NT4 box in years, but we do have a number of older NAS systems (Buffalo units) and old applications. My question has to do with when this loss of functionality occurs. Is it when the first 2008 R2 DC is promoted into the 2003 functional level domain, or is it actually when the forest functional level is first elevated to 2008 R2 (which makes the most sense to me). Thanks in advance. - Philip This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
