AD Native mode

[Dinendra_kbsl]

Its a known fact that if i change the AD forest from mixed
mode to Native mode only windows 2000/XP clients can use
the domain resources.
I need to setup a Firewall(PIX), where i have to enable
user authentication for Web browsing using AD domain
usernames and pwds. For that i need to do necessary
settings in the "Dial in" tab of the user properties. For
this scenario, the AD domain should be in Native mode.
But i have Windows 98 clients in my network. is there
anyway that Win98 clients can exist after i change the
domain to native mode?
using AD client or DS client tools, is it possible to do?

pls advice

 

[jdsal]

You CAN have pre-Windows 2000 clients in Native Mode AD
(http://support.microsoft.com/default.aspx?scid=kb;EN-US;186153). The
general rule for Native Mode AD is that you cannot add or maintain NT BDCs.

 

[Deji Akomolafe]

Its a known fact that if i change the AD forest from mixed
mode to Native mode only windows 2000/XP clients can use
the domain resources.

Actually, that's news to me. The ONLY important thing you can NOT do in
Native mode is add an NT4 "DOMAIN CONTROLLER".

HTH

Deji

 

[Mike Brannigan [MSFT]]

Its a known fact that if i change the AD forest from mixed
mode to Native mode only windows 2000/XP clients can use
the domain resources.

Incorrect !

The forest mode is only related to the types of opertaing systems that are
supported as Domain controllers.
It has nothing to do with the client operating systems supported. All
supported clients are supported in all modes of Windows 2000 Server. (This
includes MS-DOS (with the LanMan client 2.2c installed), Windows For
Workgroups 3.1x, Windows 9x/Me and the entire NT based product family NT
4.0, Windows 2000/XP Professional/"Longhorn")

--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

 

[James]

The mode of the domain has nothing to do with client interoperability. You
only need to remain in mixed mode if you have legacy NT4 domain controllers
in the domain.

James

 

[Rick]

Microsoft has developed extensions for the Windows® 95, Windows 98, and
Windows NT® 4.0 operating systems that allow those client platforms to take
advantage of features provided by the Windows 2000 Active DirectoryTM
service. These client extensions were developed for customers who wish to
deploy Windows 2000 Server in environments with Windows 95-, Windows 98-,
and Windows NT 4-based client workstations.

Here is the link

You may also need to check your GPO's to see if you authentication policy
has changed. If change to only allow Kerberos authentication older clients
will not be able to login to your domain. Have you by chance applied the
high security template I believe this will disable NTLM and NTLM2 i.e. for
to Kerberos authentication?

 

[Rick]

Sorry had an error in the last post. I should have read if you force NTLM v2
older clients will not be able to login. LM and NTLM are used by the older
versions of windows. Look at you GP authentication in the network portion
of the Computer policy