Define the function and purposes of Windows 2000 domains.
Windows Domain Controller
As you know, the core unit of the logical structure in Active Directory is the domain.
The domain serves many functions: It can act as a security boundary and as a unit of replication.
NT domains, with which you may be familiar, are also security boundaries but function very differently
from Windows 2000 Active Directory domains.
Domain as security boundary
A domain administrator has the permissions and rights to administer within that domain only,
unless the administrator is explicitly granted
those rights in another domain. Furthermore, administrative authority can be granted over one or a group of organizational units within a
domain, providing for much more granular administration. By contrast, in Windows NT, the domain was the smallest administrative unit, so you
could not grant administrative authority to a user for part of a domain.
Domain as unit of replication
All domain controllers in a domain participate in replication and contain a complete copy of all directory information for their domain.
How a domain behaves
Once established, a domain can function as a mixed-mode or native-mode domain. What does this mean? A mixed-mode domain supports
domain controllers that are running either Windows 2000 or Microsoft Windows NT. In a native-mode domain, all domain controllers run Windows
2000. After you install Active Directory and establish a domain, the domain and Active Directory are running in mixed-mode until you
explicitly change it to native-mode.
The SlideShow below elaborates on these domain definitions and shows how the domain functions once it has been created.
Mixed-mode domain: You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are
experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data
from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues,
potential problems, and nondefault product settings.
By following these recommendations, you can achieve better performance, scalability, reliability, and uptime.
Native-mode domain: A domain in which all domain controllers are running Windows 2000 (no "down-level" - NT 4.0 - domain controllers).
Domain Security Boundary
The change from mixed-mode to native-mode is a one-way process; you cannot change from native-mode to mixed-mode.
In the next lesson, you will learn more about organizational units.