Re: Active Directory Security Migration Questions:
From: Greg Francis (francis@gonzaga.edu)
Date: 05/15/02
- Previous message: Kevin Guidry: "Re: User Log off"
- In reply to: Dozal, Tim: "RE: Active Directory Security Migration Questions:"
- Next in thread: Tim Vidas: "RE: Active Directory Security Migration Questions:"
- Next in thread: Phydeaux: "RE: Active Directory Security Migration Questions:"
- Reply: Tim Vidas: "RE: Active Directory Security Migration Questions:"
From: "Greg Francis" <francis@gonzaga.edu>
To: "Dozal, Tim" <tdozal@cisco.com>, "leon" <leon.inyc@verizon.net>, <security-basics@securityfocus.com>
Date: Tue, 14 May 2002 21:26:46 -0700
----- Original Message -----
From: "Dozal, Tim" <tdozal@cisco.com>
To: "leon" <leon.inyc@verizon.net>; <security-basics@securityfocus.com>
Sent: Tuesday, May 14, 2002 11:10 AM
Subject: RE: Active Directory Security Migration Questions:
> I am no AD expert but my experience is that in Mixed mode you will use
> NTLM (i.e. NT 4) authentication (plain text transmission) when connecting
> between hosts on the network. If your infrastructure has any non-Windows
> 2000/XP machines then you must use mixed mode. If you are building a whole
> new environment and have no need to connect to legacy OS's then you can run
> in native mode and take advantage of the higher level security of the
> Kerberos authentication model (I think MD5 crypto on the transmissions).
> Most migrations will not be able to do this because they are not replacing
> every host with a Windows 2000 or newer OS.
>
> I welcome people to expand on this for my own knowledge also.
>
> -Tim
This isn't quite correct. Mixed-mode is only required if you want to have
NT4 backup domain controllers in your domain. Once all of the DCs in a
domain are W2K, you can convert to native mode. You can have NT4 member
servers and workstations in a native mode domain. You can also have Win9x
machines in a native mode domain but they never really join the domain
anyway.
Greg
Greg Francis, Sr. System Administrator
Central Computing and Network Support Services
Gonzaga University -- Spokane, Washington
509-323-6896 francis@gonzaga.edu