Microsoft kb article Q284937 discusses a "bug". The kb article is now offline
If you have large number of Windows 2000 Pro workstations and you
upgrade an NT domain PDC with W2K, all the W2K workstations will try to
authenticate only to the W2K DC and will not authenticate with the NT4 BDCs.
Ouch! If you have a lot W2K Pro workstations, this can swamp the newly upgraded
PDC in the domain. The W2K Pro workstations will not authenticate against the
NT4 BDCs even if all the W2K DCs are down. The W2K Pro workstations will use
cached credentials and will not reflect any changes made to their profiles. The
long-term solution is to have enough DCs in the NT4 domain to handle the W2K
workstations. This can take time. Until you get to that point, apply the
following hack to each NT4 DC BEFORE
the controller to Windows 2000.
emulate an NT4 DC
Once you have enough W2K BDCs, change NT4Emulator=0.