Going to Native Mode from Mixed Mode on a smaller network will basically just add the "Universal Group". Native mode is actually where you get the 2-way transitive trusts that Win2K has, which are touted as a huge improvement over NT's 1-way trusts (i.e. if Domain A trusts B and B trusts C, then in Win2K A also trusts C). (This is the end of my right-to-the-point answer to your questions ;-) )

Universal groups can contain users, global groups and other universal groups from ANY domain in the forest (but not from other forests b/c forests don't share any security information). An interesting side-note is that Universal groups are stored in the Global Catalog in their entirety...so that logon requests don't have to traverse the entire forest before finding a DC that grants permission. This is actually a catch-22 b/c if the Global Catalog gets too big, then the searching takes too long and logon performance actually decreases...

Another thing to keep in mind is the location of the Global Catalog...again, in smaller networks there is typically one Active Directory Controller designated as the Global Catalog controller...if you have different physical sites or a huge network you may need to have 2 or more Global Catalog Controllers. If a connection can't be made to the Global Catalog, then the only people that can log on are Domain Admins.

Mixed Mode allows NT4 BDCs to get replication information from the DCs in Win2K. So if you're using NT4 at all you need to stay in Mixed Mode. If all the DCs are Win2K then you may go to Native.

How do you go to native?
Start -> Programs -> Admin Tools -> AD Domains and Trusts (or Start -> Run "domain.msc")
Then just click the button that says "change mode". It asks if you're sure. Then every DC in the Domain must be restarted (though not at the same time or anything).

How do you get back to Mixed?
You can't.

-tim

-----Original Message-----
From: leon [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 13, 2002 7:50 PM
To: [EMAIL PROTECTED]
Subject: Active Directory Security Migration Questions:

Hi,

I had a coworker ask me the following questions and I was unsure of the answers to most, so I thought I might ask for some help.

1) What does native mode bring in terms of granular user rights and group policy that mixed mode does not?

2) Are there specific security advantages to using native mode over mixed mode? If so, what are they?

I really appreciate the help and thanks again.

Cheers,

Leon