Overloading the upgraded domain controller

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Microsoft KB article Q284937 discusses a "bug". (The KB article is now offline.) If you have a large number of Windows 2000 Pro workstations and you upgrade an NT domain PDC to W2K, all the W2K workstations will try to authenticate only to the W2K DC and will not authenticate with the NT4 BDCs. Ouch! If you have a lot of W2K Pro workstations, this can swamp the newly upgraded PDC in the domain. The W2K Pro workstations will not authenticate against the NT4 BDCs even if all the W2K DCs are down. Instead, they will use cached credentials and will not reflect any changes made to their profiles. The long-term solution is to have enough DCs in the NT4 domain to handle the W2K workstations. This can take time. Until you get to that point, apply the following hack to each NT4 DC BEFORE upgrading the controller to Windows 2000.

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\
Name: NT4Emulator
Type: REG_DWORD
Value: 1 (emulate an NT4 DC)

Once you have enough W2K BDCs, change NT4Emulator to 0.
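
A pre-upgrade check for the setting above, as an added example that is not from the original article: it reads REGEDIT4-format text exports of the Netlogon\Parameters key taken from each DC and reports which ones do not yet show NT4Emulator as REG_DWORD 1. The DC names and export contents are constructed sample data, and the function names are hypothetical.

```python
import re

# Key and value name as given in the article; registry names are case-insensitive.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
NAME = "NT4Emulator"

def nt4emulator_state(reg_text):
    """Classify one exported .reg file: 'on', 'off', 'wrong-type' or 'missing'."""
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Section header: track whether we are inside Netlogon\Parameters.
            in_key = line[1:-1].rstrip("\\").lower() == KEY.lower()
            continue
        if not in_key:
            continue
        m = re.match(r'"([^"]+)"\s*=\s*(.*)$', line)
        if not m or m.group(1).lower() != NAME.lower():
            continue
        d = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", m.group(2))
        if not d:
            # The article specifies REG_DWORD; e.g. a REG_SZ "1" does not match it.
            return "wrong-type"
        return "on" if int(d.group(1), 16) == 1 else "off"
    return "missing"

def not_ready(exports):
    """Names of DCs whose export does not show NT4Emulator = REG_DWORD 1."""
    return sorted(dc for dc, text in exports.items()
                  if nt4emulator_state(text) != "on")

# Constructed sample exports; DC names and the extra value name are made up.
HEADER = "REGEDIT4\n\n[" + KEY + "]\n"
SAMPLES = {
    "BDC01": HEADER + '"NT4Emulator"=dword:00000001\n',
    "BDC02": HEADER + '"nt4emulator"="1"\n',            # created as a string
    "BDC03": HEADER + '"SomeOtherValue"="x"\n',         # value never created
    "BDC04": HEADER + '"NT4Emulator"=dword:00000000\n',  # explicitly disabled
}

if __name__ == "__main__":
    for dc in sorted(SAMPLES):
        print(dc, nt4emulator_state(SAMPLES[dc]))
    print("Do not upgrade yet:", not_ready(SAMPLES))
```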
