RE: Coexistance of Windows 2000 and Windows 2003

From: John Coke (jcoke_at_anodynetech.com)
Date: 10/27/03

  • Next message: lwolrab_at_deltanet.net: "RE: Coexistance of Windows 2000 and Windows 2003"
    Date: Mon, 27 Oct 2003 15:09:02 -0600
    To: <fh@rcs.urz.tu-dresden.de>, <focus-ms@securityfocus.com>
    
    

    I'm not sure what your consultant means when he says "master." I will
    say that the permissions structure in AD is meant to isolate the
    directory from domain changes in one of the children. That is to say
    that you cannot make forest-wide changes w/o being an Enterprise Admin.
    If he's talking about a forest-wide FSMO role owner, you cannot change
    those w/o being an Ent. Admin.

    Now you will have to make schema changes (requires Ent. Admin.) before
    you promote that first WS 2003 DC as well as make domain-level changes
    (requires Domain Admin.). The MS WS 2003 deployment guides document
    this at length. For that matter you should forward a copy of it to your
    consultant. 2003 was designed to interoperate with 2000 for large scale
    migrations.

    Regards,
    -John

    -----Original Message-----
    From: Frank Heyne [mailto:fh@rcs.urz.tu-dresden.de]
    Sent: Monday, October 27, 2003 8:54 AM
    To: focus-ms@securityfocus.com
    Subject: Coexistance of Windows 2000 and Windows 2003

    Hello,

    this is Security related as far as crashing an AD is a security problem,

    therefore I hope the moderator will let it slip through.
    Answers sent to me personally are welcome, I can post a summary to the
    list.

    Question:
    There is a Windows 2000 AD tree.
    One domain down the tree wants to upgrade the DCs to Windows 2003. A
    consultant claims this would cause havoc,because there would be no way
    to forbid the new 2003 DCs to become the master for the entire AD,
    because they have a newer version of Windows.

    I dont believe this to be true, and wonder whether someone has already
    managed it to put a Windows 2003 DC somewhere in a AD tree, without
    changing anything in the tree hierarchy?

    Frank Heyne

    ------------------------------------------------------------------------

    ---
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_focus-ms_031027 
    and use priority code SF4.
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_focus-ms_031027 
    and use priority code SF4.
    ---------------------------------------------------------------------------
    

  • Next message: lwolrab_at_deltanet.net: "RE: Coexistance of Windows 2000 and Windows 2003"

    Relevant Pages

    • AW: Coexistance of Windows 2000 and Windows 2003
      ... Coexistance of Windows 2000 and Windows 2003 ... this is Security related as far as crashing an AD is a security problem, ... One domain down the tree wants to upgrade the DCs to Windows 2003. ... most highly-anticipated industry event of the year. ...
      (Focus-Microsoft)
    • Re: Probable Trojan.
      ... > Have a buddy complaining about his AOL account password being stolen every time he logs onto AOL from his PC at work. ... Based on your FPort results, I assume it's Windows 2000, which doesn't ... OIT Security and Assurance ... most highly-anticipated industry event of the year. ...
      (Incidents)
    • Coexistance of Windows 2000 and Windows 2003
      ... this is Security related as far as crashing an AD is a security problem, ... One domain down the tree wants to upgrade the DCs to Windows 2003. ... most highly-anticipated industry event of the year. ...
      (Focus-Microsoft)
    • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
      ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
      (Securiteam)
    • [NT] Vulnerability in HTML Help Allows Code Execution (MS05-001)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
      (Securiteam)