Microsoft

Understanding the difference between mixed mode and native mode in Windows 2000

Windows 2000 has many new features, but you can't take advantage of some of them when you run your server in mixed mode. In this Daily Feature, John Sheesley explains mixed and native modes and how they relate to Windows 2000.


As I mentioned in the Daily Feature entitled “Understanding the difference between mixed mode and native mode in Exchange 2000,” you can operate your Exchange 2000 server in either mixed or native mode. When you run Exchange 2000 in mixed mode, it can coexist with Exchange 4.x and 5.x servers. When you run it in native mode, it can’t, but you do gain added architectural advantages. But did you know that Windows 2000 also has native and mixed modes? In this Daily Feature, I’ll look at the differences.
Even though Windows 2000 can run in mixed mode or native mode, those modes have nothing to do with mixed or native mode in Exchange 2000. Microsoft uses the same terminology, and though the concepts of the two different modes are similar, they have nothing to do with each other. For example, you could run Exchange 2000 in native mode while still operating the Windows 2000 server it’s running on in mixed mode.
What’s mixed mode?
As you can probably guess by the name of the term, mixed mode in Windows 2000 means that your Windows 2000 server functions in a manner that allows it to work with older versions of Windows NT. Specifically, in mixed mode, Windows 2000 can operate with Windows NT 4.0 servers and Windows NT 4, Windows 9x, and Windows 3.x workstations. When Windows 2000 is running in mixed mode, it behaves and communicates in a way that earlier versions of Windows NT understand. As far as they’re concerned, the Windows 2000 server looks just like a regular Windows NT 4 Primary Domain Controller (PDC).

When you upgrade a Windows NT 4 PDC to Windows 2000, it can still communicate with NT 4 Backup Domain Controllers (BDCs) on your network using the PDC emulator. Changes made to users or groups in Active Directory will then be replicated to the BDCs. You can then smoothly upgrade your Windows NT 4 BDCs to Windows 2000 over time, but you won’t be forced to do it all at once.

As you know, Windows 2000 does a lot more than Windows NT. When you run Windows 2000 in mixed mode, Windows 2000 “dumbs itself down” so it can talk to the earlier versions. In the process, Windows 2000 loses some of its features and must play by Windows NT 4 rules.

One of the rules that Windows 2000 must obey is that you can’t nest groups within groups. If you want members of one group to belong to another group, you must explicitly add each user object to the second group. Windows NT also doesn’t follow the concept of Universal groups.

Windows 2000 must also abide by the limitations in the NT 4 SAM database. Because the Windows 2000 PDC emulator must replicate changes back to the Windows NT 4 BDCs, Microsoft limits Active Directory from growing beyond NT 4’s limit of 40,000 objects.

What’s native mode?
When you run a Windows 2000 server in native mode, it can no longer replicate changes to and from Windows NT BDCs. Nor can you add any additional Windows NT servers to your network. Any Windows NT Workstation or 9x clients you have will have to use the Active Directory client to access files on the Windows 2000 server.

After you switch your Windows 2000 servers to native mode, you’re no longer bound by the restrictions and limitations imposed by Windows NT. You can create Universal groups as well as nest groups within groups. Running in native mode also eliminates the limit on the number of objects that Active Directory can support.

Switching to native mode also eliminates the replication bottlenecks that could occur under the NT 4 scheme. All domain controllers can participate in multimaster replication and can perform directory updates.

Finally, switching to native mode can also make your network more secure. When you’re running Windows NT servers on your network, you can’t use Kerberos to authenticate network clients. Clients can still access the network using relatively unsecure NTLM authentication.

Going from mixed to native mode
If you have Windows NT servers in your organization, you can’t switch the mode of your Windows 2000 servers to native mode until you either decommission or upgrade the NT servers. Therefore, make sure you have no Windows NT servers left in your organization and no plans to add any NT servers in the future.

When you first install Windows 2000 or upgrade an existing Windows NT 4 server to Windows 2000, Windows 2000’s Setup program sets it to mixed mode—whether or not there are any NT 4 servers on your network. Even if your Windows 2000 is brand new and is the only Windows 2000 server on your network, Setup forces it to be in mixed mode.

To see which mode your Windows 2000 server is currently running, check the server’s properties in Active Directory Domains And Trusts. Click Start | Programs | Administrative Tools | Active Directory Domains And Trusts. When Active Directory Domains And Trusts starts, right-click the Domain icon in the left pane and select Properties. Check the Domain Operation Mode field on the General tab of the domain’s property page. The Domain Operation Mode field displays the current mode your server is running in.

If you want to change to native mode, click the Change Mode button. Be very, very sure you want to change Windows 2000’s mode. Once you switch to native mode, there’s no going back. Your only choice is to reinstall Windows 2000. When you click Change Mode, Active Directory Domains And Trusts will display a warning screen reminding you of this fact. Click Yes to complete the conversion.

Conclusion
To maintain backward compatibility with earlier versions of NT, Microsoft allows Windows 2000 to run in mixed mode or native mode. If you’re running mixed mode, you’re missing out on some of Windows 2000’s new features and advantages. In this Daily Feature, I’ve explained the differences between these modes, and I have shown you how to make the switch from mixed mode to native mode.
The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.

Editor's Picks