AD Upgrade: "Permissions compatible with pre-Win2k servers" 2

[jhmattern]

We just migrated an NT4 domain (15 servers/200 clients) to Win2003 AD. It went smoothly except for one dialogue box that spooked us into choosing

"Permissions compatible with pre-Windows2000 servers".
"Select this option if you run server programs on pre-
Windows2000 servers or on Windows2000 Servers that are
members of pre-Windows2000 domains."

Our SQL7 servers (e.g. "server programs") run on NT4 member servers; as a result, with SQL being critical to our business, we chickened out and kept the pre-Win2000 perms and avoided native mode.

We want to go native for a variety of reasons but does Microsoft mean that SQL7 might be broken if we use it on NT4 member servers in an AD domain? We aren't against eventually upgrading SQL (we have already purchased the licensing) but this will have to be an implementation for another time.

Is there any danger in going with the post WinNT perms and then shifting the domain to native mode or are we being overly cautious?

Thanks in advance.

 

[MTVW]

In native mode you can have NT member servers.....just no NT BDC's. So you should be fine.

 

[adcfaq]

The Pre-Windows 2000 Compatible Access group grants Everyone the same ability to browse through the Active Directory, to read permissions on every attribute of every object. OUCH! This is a little too much free information flow.
The default membership of Pre-Windows 2000 Compatible Access group includes the Everyone group. To tighten up the system you need to remove the Everyone group from the Pre-Windows 2000 Compatible Access group .

You need to test. Just like the Windows NT anonymous connections issues, you may not be able to close the whole because of unique issues within your enterprise. Certain down level clients may not function, particularly Win9x clients.



------------------------------------
Directory Services/Exchange Consultant