Microsoft Windows NT 4.0 Guide Manual de usuario descargar pdf (Pagina 67)

Microsoft

Windows Server

™

2003 White Paper

Windows NT 4.0 Server Upgrade Guide 62

domain is switched to native mode, Windows NT local groups are converted to domain local

groups on servers running Windows Server 2003.

Domain member computers running Windows NT can continue to display and access the

converted groups. The groups appear to these clients as Windows NT Server 4.0 local and global

groups. However, a Windows NT client cannot display members of groups or modify the member

properties when that membership violates Windows NT group rules. For example, when a

Windows NT client views the members of a global group on a server running Windows Server

2003, it does not view any other groups that are members of that global group.

Using Converted Groups with Servers Running Windows Server 2003

Client computers that do not run Active Directory client software identify groups with universal

scope on servers running Windows Server 2003 as having global scope instead. When viewing

the members of a group with universal scope, the Windows NT client can only view and access

group members that conform to the membership rules of global groups on servers running

Windows Server 2003.

In a Windows Server 2003 domain that is set to a domain functional level of Windows 2000

native, all the domain controllers must run on servers that run Windows Server 2003. However,

the domain can contain member servers that run Windows NT Server 4.0. These servers view

groups with universal scope as having global scope and can assign groups with universal scope

rights and permissions and place them in local groups.

In a Windows Server 2003 domain, a Windows NT Server 4.0 member server running

Windows NT administrative tools cannot access domain local groups. However, you can work

around this by using a server running Windows Server 2003 and using the administrative tools in

its Windows Server 2003 Administration Tools Pack to access the server running Windows NT

Server 4.0. You can use these tools to display the domain local groups and assign to them

permissions to resources on the server running Windows NT Server 4.0.

Completing the Upgrade of the Domain

If you have upgraded all existing Windows NT Server 4.0 and earlier PDCs and BDCs to Windows

Server 2003, and you have no plans to use Windows NT Server 4.0 and earlier domain

controllers, you can raise the domain functional level from Windows 2000 mixed to Windows 2000

native.

Several things happen when you raise the domain functional level to Windows 2000 native:

• Domain controllers no longer support NTLM replication.

• The domain controller that is emulating the PDC operations master cannot synchronize data with

a Windows NT Server 4.0 and earlier BDC.

• Windows NT Server 4.0 and earlier domain controllers cannot be added to the domain. (You can

add new domain controllers running Windows 2000 or Windows Server 2003.)

• Users and computers using previous versions of Windows begin to benefit from the transitive

trusts of Active Directory and (with the proper authorization) can access resources anywhere in

the forest. Although previous versions of Windows do not support the Kerberos v5 protocol, the

1 2 ... 62 63 64 65 66 67 68 69 70 71 72 ... 154 155

Comentarios a estos manuales

Sin comentarios

Microsoft Windows NT 4.0 Guide Manual de usuario Pagina 67

Comentarios a estos manuales

Relacionado con productos y manuales para Servidores Microsoft Windows NT 4.0 Guide