Native vs mixed mode Windows 2000 domains involve much more that whether NT BDC can be used. If you have firewalls within your enterprise you need to know what protocols and ports are used to communicate between servers and clients in each mode.
Native mode ports and functions
| PORTS | FUNCTION |
| TCP 53 | DNS |
| UDP/TCP 389 | LDAP |
| UDP/TCP 500 | ISAKMP/Oakley negotiation traffic (IPSec) |
| UDP/TCP 636 | LDAP (over TLS/SSL) |
| UDP 88 | Kerberos |
| UDP/TCP 750, 751 | Kerberos Authentication |
| UDP 752 | Kerberos Password Server |
| UDP 753 | Kerberos User Registration Server |
| TCP 522 | User Location Store |
| TCP 754 | Kerberos Slave Propagation |
| TCP 888 | Logon and Environment Passing |
| TCP Dynamic | Directory Replication |
| TCP 2053 | Kerberos de-multiplexor (Kerberos V4) |
| TCP 2105 | Kerberos encrypted login |
| TCP 3268 | Global Catalog |
| TCP 3269 | Global Catalog |
If you have NT clients or servers you will have to allow the above ports plus the ports needed for mixed mode domains:
| PORTS | FUNCTION |
| UDP: 53 | DNS Resolution |
| UDP: 67, 68 | DHCP Lease |
| UDP: 137, 138 | Browsing |
| UDP: 137, 138/TCP: 139 | Logon Sequence |
| UDP: 137, 138/TCP: 139 | Pass-Through Validation |
| UDP: 137, 138/TCP: 139 | Printing |
| UDP: 137, 138/TCP: 139 | Trusts |
| UDP: 137, 138/TCP: 139 | WinNT Secure Channel |
| UDP: 138/TCP: 139 | Directory Replication |
| UDP: 138 | NetLogon |
| TCP: 42 | WINS Replication |
| TCP: 135 | DHCP Manager, DNS Administration, WINS Manager |
| TCP: 137 | WINS Registration |
| TCP: 139 | Event Viewer, File Sharing, Performance Monitor, Registry Editor, Server Manager, User Manager, WinNT Diagnostics |
