Windows 2000 and above uses 2 forms of authentication: Kerberos and NTLM.
The operating system will attempt to use kerberos first. If there are no
domain controllers to answer a kerberos request then it will attempt to use
ntlm. If you remove Windows 2000 active directory and promote NT4 BDC to
PDC, the workstation will attempt to make a kerberos authentication which
will fail because no Windows 2000 domain controllers will be available.
Then it will make an NTLM request which should be answered by the NT4 PDC.
The key is giving the workstation the ability to discover the domain
controller. Make sure either WINS is used or LMHOSTS is configured. The
NT4 PDC will broadcast that it is a PDC but broadcast is less reliable than
using WINS. If you wish to test you can remove the Windows 2000 domain
controller temporarily.
Best regards,
Frank Szita [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.