|
Home > Archive > microsoft.public.exchange2000.admin > October 2002 > E2k and Win2k Native Mode
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
E2k and Win2k Native Mode
|
|
|
| When you are upgrading an Ex5.5 environment to E2k by
adding an E2k server, should the Win2k environment be in
Native mode.. or is it ok to still be in mixed mode?
| |
| Ronen Gabbay 2002-10-05, 8:21 pm |
| It is recommended to run the ADC into a native mode Active Directory domain
only.
If you are aware of the complications running the ADC into a mixed mode
Active Directory domain
then it can be done.
--
Please do not send email directly to this alias.
This posting is provided "AS IS" with no warranties, and confers no rights
Ronen Gabbay MCT MCSE+I MCDBA
Hi-Tech College
ISRAEL
"tc" <tcruise@ev1.net> wrote in message
news:7de801c2574d$6a7cd760$9be
62ecf@tkmsftngxa03...
> When you are upgrading an Ex5.5 environment to E2k by
> adding an E2k server, should the Win2k environment be in
> Native mode.. or is it ok to still be in mixed mode?
>
>
| |
| Rich Matheisen [MVP] 2002-10-05, 8:21 pm |
| "Ronen Gabbay" <ronen@hi-tech.co.il> wrote:
>It is recommended to run the ADC into a native mode Active Directory domain
>only.
>If you are aware of the complications running the ADC into a mixed mode
>Active Directory domain
>then it can be done.
In a single domain there's not much difference, though. Only when you
have multiple domains does the need for universal scope become
important.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
| |
| Ashley Webb [MS] 2002-10-05, 8:21 pm |
| The other issue that may cause bigger complications without a Native Windows
domain is if permissions are assigned to Public Folders using 5.5
Distribution Lists. When the ADC replicates Distribution Lists to Active
Directory they are created as Universal Distribution Groups. This will
become a problem once the 5.5 Public Folders are replicated to E2K. The
first time the folder is accessed on E2K a conversion process is attempted.
There is an attempt to upgrade the Universal Distribution Group (UDG) to a
Universal Security Group (USG). In a mixed AD domain this conversion cannot
happen so access to the folder is locked out until corrected by the owner of
the folder. This conversion and "zombie users" are the cause of warning
Event IDs 9551 and 9552. This is rarely a "fun" issue to clean up. If the
UDG exists in a NAtive mode AD domain then the conversion can happen and the
folder remains accessible. The other issue that causes Public Folder greif
is zombie users, but these have nothing to do with Native or Mixed mode
domain.
If you have a single domain and you use public folders and have used
Distribution Lists to assign access permissions to those folders, then yes,
you need a Native AD domain. If you do not use Public Folders or have not
used any Distribution Lists to assign access rights to those 5.5 folders
then you can get by with a Mixed mode AD domain.
In the following KB article there is a pretty good description of the issue
and possible workarounds, but really the only way to deal with this is to
have a Native Mode domain. This is also a good reference to use for the a
Move MAilbox migration from start to finish.
Q316886 How to install Exchange 2000, migrate using Move Mailbox method,
http://support.microsoft.com/defaul...b;EN-US;Q316886
HTH
--
Ashley Webb [MS]
Exchange Support
****** Disclaimer ******
This posting is provided "AS IS" with no warranties, and confers no rights.
Note: Please do NOT reply to this e-mail address. It is used for newsgroup
purposes only.
"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message
news:t9bnnuceidqocqs3c8np7cb9g
i4dp64ci2@4ax.com...
> "Ronen Gabbay" <ronen@hi-tech.co.il> wrote:
>
> >It is recommended to run the ADC into a native mode Active Directory
domain
> >only.
> >If you are aware of the complications running the ADC into a mixed mode
> >Active Directory domain
> >then it can be done.
>
> In a single domain there's not much difference, though. Only when you
> have multiple domains does the need for universal scope become
> important.
>
> --
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
| |
| Rich Matheisen [MVP] 2002-10-05, 8:21 pm |
| "Ashley Webb [MS]" <awebb@microsoft.com> wrote:
>The other issue that may cause bigger complications without a Native Windows
>domain is if permissions are assigned to Public Folders using 5.5
>Distribution Lists.
Oh, I'm intimately familiar with PF and ACL's -- or at least the
problems they cause (at let things are a *lot* better now).
>When the ADC replicates Distribution Lists to Active
>Directory they are created as Universal Distribution Groups.
It's been about 18 months since I went though this -- but if the
domain isn't native mode, won't the groups be changed to security
groups with a global scope? I can't check if that's true or if it's
something I've made up or "dis-remembered".
>This will
>become a problem once the 5.5 Public Folders are replicated to E2K. The
>first time the folder is accessed on E2K a conversion process is attempted.
>There is an attempt to upgrade the Universal Distribution Group (UDG) to a
>Universal Security Group (USG). In a mixed AD domain this conversion cannot
>happen so access to the folder is locked out until corrected by the owner of
>the folder. This conversion and "zombie users" are the cause of warning
>Event IDs 9551 and 9552. This is rarely a "fun" issue to clean up.
I can tell you that nothing about Public Folders can even be remotely
described as "fun". 
>If the
>UDG exists in a NAtive mode AD domain then the conversion can happen and the
>folder remains accessible. The other issue that causes Public Folder greif
>is zombie users, but these have nothing to do with Native or Mixed mode
>domain.
And they're a lot less trouble now than they were at RTM.
>If you have a single domain and you use public folders and have used
>Distribution Lists to assign access permissions to those folders, then yes,
>you need a Native AD domain.
Are you sure that's true? There's something sticking in the back of my
head that says if you didn't follow the MS recommendations to have a
"transition domain" that the need for native mode with a single domain
didn't exist. It's been so long since we started using E2K that things
in the early betas and RC's during the JDP have become fuzzy memories.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
|
|
|
|
|