I have both a Windows NT 4.0 SP4 server and a Windows 2K Server SP2 running Active Directory as domain controllers over Win 9x, 2000 workstations. As far as I can tell they both handle some functions for some workstations some of the time and I can't find any consistency. I'm getting ready to upgrade Exchange 5.5 to 2000 and need to figure out exactly who is in control. I was wondering if anybody can tell me where to find information on how these two domain controllers are working together. I hope this makes some sense to somebody.

Yes. I can tell you exactly what is happening. The NT machine is a Backup Domain Controller in the domain. Windows 2000 domains allow for two modes: native mode and mixed mode. Mixed mode is the default mode. It means that the domain will allow NT4 domain controllers. It also means that not all functions of Active Directory (AD) are operational. For example, there are no Universal groups and a few other things. The NT BDCs will look to the Windows 2000 DC running as the PDC emulator. This is usually the first W2K DC in the domain, but that role can be moved. When all the NT4 BDCs have been removed or upgraded to Windows 2000, you can then switch the domain to native mode, which allows all AD functions to operate.
You asked who is in control. Windows 2000 DCs are absolutely in control and 'allow' the NT4 BDCs to exist. In other words, Windows 2000 AD domains allow NT4 domain controllers to exist to allow for backward compatibility and to help in the migration process. It is recommended to remove NT4 DCs when possible to allow all of the AD functions to be enabled.
Hope that helps.

That helps a lot. Thanks. That also brings up two more questions.
1. Our 2K server went down a couple of days ago. Why could everybody but the Windows 2K Pro workstations log on to the domain?
2. Do I have to eliminate the NT 4 server to upgrade the Active Directory controller from Windows 2000 to Exchange 2000?
I know the second question might belong on a different message board; I thought I'd try, though.

For question number 1: this has to do with the authentication type. Windows 2000 computers will attempt to authenticate using a protocol called Kerberos. This is a much more secure method of authentication than the NT authentication called NTLM. Once a Windows 2000 client authenticates using Kerberos it will only authenticate using Kerberos. The NT machines do not understand Kerberos so the W2K machines will not talk to them.
As far as Exchange goes, I'm not sure. I'm not an Exchange expert but I think you have to have a native Windows 2000 domain for Exchange, but don't hold me to that. I'm really not certain of that one.

Thanks for your help. I think you're right about needing a native domain. I can't find anything that specifically says it but everything points to that.
