Distributed Networks

Active Directory
Lesson 6: Domains
Objective: Define the function and purposes of Windows 2000 domains.

Windows Domain Controller

As you know, the core unit of the logical structure in Active Directory is the domain. The domain serves many functions: it can act as a security boundary and as a unit of replication.
Windows NT domains, with which you may be familiar, are also security boundaries but function very differently from Windows 2000 Active Directory domains.

Domain as security boundary

A domain administrator has the permissions and rights to administer within that domain only, unless the administrator is explicitly granted those rights in another domain. Furthermore, administrative authority can be granted over one or a group of organizational units within a domain, providing for much more granular administration. By contrast, in Windows NT, the domain was the smallest administrative unit, so you could not grant administrative authority to a user for part of a domain.

Domain as unit of replication

All domain controllers in a domain participate in replication and contain a complete copy of all directory information for their domain.

How a domain behaves

Once established, a domain can function as a mixed-mode or native-mode domain. What does this mean? A mixed-mode domain supports domain controllers that are running either Windows 2000 or Microsoft Windows NT. In a native-mode domain, all domain controllers run Windows 2000. After you install Active Directory and establish a domain, the domain and Active Directory run in mixed mode until you explicitly change the domain to native mode.
The SlideShow below elaborates on these domain definitions and shows how the domain functions once it has been created.


  1. Mixed-mode domain: A domain that supports domain controllers running either Windows 2000 or Microsoft Windows NT.
  2. Native-mode domain: A domain in which all domain controllers are running Windows 2000 (no "down-level" Windows NT 4.0 domain controllers).


Domain Security Boundary
The change from mixed-mode to native-mode is a one-way process; you cannot change from native-mode to mixed-mode.
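Because the change cannot be reversed, it is worth gating on an inventory check. The following PowerShell is an added example, not part of the original lesson: it assumes the domain's `ntMixedDomain` attribute (1 = mixed, 0 = native) and each domain controller's `operatingSystemVersion` have already been exported, and the function name, domain name and inventory rows are hypothetical, constructed sample values.

```powershell
# Added example. On a live domain the inputs are LDAP attributes:
# ntMixedDomain on the domain object, operatingSystemVersion on each
# domain controller's computer object.
function Test-NativeModeReadiness {
    param(
        [Parameter(Mandatory)] [string]   $DomainName,
        [Parameter(Mandatory)] [int]      $NtMixedDomain,   # 1 = mixed, 0 = native
        [Parameter(Mandatory)] [object[]] $DomainControllers
    )

    # A DC is down-level when its OS major version is below 5 (Windows 2000 is 5.0).
    $downLevel = @($DomainControllers | Where-Object {
        $major  = 0
        $first  = ($_.OperatingSystemVersion -split '[. ]')[0]
        $parsed = [int]::TryParse($first, [ref]$major)
        -not $parsed -or $major -lt 5   # unparseable version is treated as blocking
    })

    if ($NtMixedDomain -eq 0) {
        $status = 'AlreadyNative'       # one-way change has already been made
    } elseif ($downLevel.Count -gt 0) {
        $status = 'Blocked'             # Windows NT DCs would be cut off
    } else {
        $status = 'Ready'
    }

    [pscustomobject]@{
        Domain      = $DomainName
        Mode        = if ($NtMixedDomain -eq 0) { 'Native' } else { 'Mixed' }
        Status      = $status
        DownLevelDC = @($downLevel | ForEach-Object { $_.Name })
    }
}

# Constructed inventory for a hypothetical domain, corp.example
$dcs = @(
    [pscustomobject]@{ Name = 'DC01';  OperatingSystemVersion = '5.0 (2195)' }
    [pscustomobject]@{ Name = 'BDC02'; OperatingSystemVersion = '4.0' }
)
Test-NativeModeReadiness -DomainName 'corp.example' -NtMixedDomain 1 -DomainControllers $dcs
```

A `Blocked` result lists the domain controllers that must be upgraded or retired before the switch to native mode.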
In the next lesson, you will learn more about organizational units.