Raise Functional Level to 2003 native -- can i still use existing nt4 bdcs for file and print sharin

Discussion in 'Active Directory' started by Rubin Farr, Oct 11, 2005.

  Rubin Farr

    Rubin Farr Guest

    Hello all.

    Running win2k3 enterprise AD. I want to raise domain functional level to
    2003 native. I have no win2k DC's, but still have nt4 bdc's as we upgraded
    directly to 2003. I don't care if they still authenticate domain users
    against the domain, but we do have some file shares on them and one is
    running a fax application (yes - i know, but i inherited them). All I keep
    reading is that they will no longer function...does this mean that they will
    no longer authenticate users, or does this mean they will no longer work on
    the domain period?

    Rubin Farr, Oct 11, 2005
  2. Your NT BDCs will not replicate with the AD DCs.

    Create a new user on an AD DC that user will not replicate to the NT 4.0
    BDCs and since an NT 4.0 BDC only holds a read only copy of the SAM, there
    will be no way to "add" the new user to the NT 4.0 BDC.

    Danny Sanders, Oct 11, 2005
  Rubin Farr

    Herb Martin Guest

    They will not authenticate users AND since they are "stuck" being
    DCs they won't really work on the domain fully either.

    Upgrade them to Win2000/2003 and then you can DCPromo them
    to member servers (non-DCs) or investigate one of the hacks to
    turn a BDC into a non-DC (and make a backup first in case this
    unsupported procedure goes bad.
    Herb Martin, Oct 11, 2005
  4. You should remove them, as NT4 BDC cannot exist in a domain running native
    mode and higher. You can re-install them, or upgrade to W2k(3) and then
    demote to member servers.
    Dmitry Korolyov [MVP], Oct 11, 2005
  Rubin Farr

    Rubin Farr Guest

    Thank You all very much for the replies.

    I really dont want to upgrade these servers as they are dirt old and it will
    take some time to migrate the shares and files over --my main reason for
    changing functional level was to get rid of that 'dial-in' tab on user
    properties and control remote access through policies.

    Guess I will have to wait.

    Rubin Farr, Oct 11, 2005
  Rubin Farr

    Herb Martin Guest

    Almost all older machines CAN be upgraded through some
    method or another -- for instance, moving the hard drive to
    decent motherboard/BIOS will even upgrade an NT 486
    (or really old Pentium) in most cases.

    Herb Martin, MCSE, MVP
    Accelerated MCSE
    [phone number on web site]
    Herb Martin, Oct 12, 2005
