Raising domain functional level from 2000 mixed to 2000 native
Posted by Erik Szewczyk on February 18th, 2004


We've been considering upgrading our domain function level from 2000 mixed
to either 2000 native or (in the near future) to 2003 native function level.
Part of the reason we are looking at raising the function level is because
we would like to make use of Domain Local Groups which are only available in
2000/2003 native modes; and of course it's been several years since we've
had any NT4 domain controllers.

I'm just starting to gather information about "what we can expect" if we
raise the level. Of course if we raise it we cannot go back so I would like
to be certain we cover all our bases and know how it will affect our network
services if we do this. I have a number of different services that I'm
doing research on such as our web-server login (integrated CFM/AD login) and
our VPN concentrators but I thought I would see if any of you have
recommendations for things to focus on when doing my research and/or
information about upgrades you have done.

Thanks in advance.

-Erik


Posted by Dave Shaw [MVP] on February 19th, 2004


Yep. You are on the right track. Take a good look at all servers that are
members of the domain and authenticate users from the outside, such as
Remote Access, OWA, etc. Changing to higher functionality can generally
interfere with NTLM authentication. This can really create a challenge when
the server being accessed is in a DMZ. You may have to plan for Kerberos
authentication through the firewall. Study up on IPSec. If you *must*
authenticate through a firewall (I don't suggest it) use certificate-based
IPSec. (Spell that, PKI) Do NOT use shared secrets.

-ds



Posted by Erik Szewczyk on February 27th, 2004


Are you suggesting that I will have a problem with OWA access?

-Erik