Resolution
goal
How do I configure Directory and Resource Administrator if Windows 2000 domain controllers are set to run in NT emulation mode?
fact
Directory and Resource Administrator 6.x
symptom
Without the client side registry setting NeutralizeNT4Emulator as detailed below, the MMC and Active Directory Users and Computers do not resolve any group to friendly names.
fix
When setting a DC to run in NT emulation mode, a Windows 2000 client will no longer receive group policy nor will it do Kerberos authentication. Therefore, in order to have the DRA run correctly edit the registry to add the value NeutralizeNT4Emulator, as described in the following section. Note that there has not been any testing of what effect changing the following Registry settings on the DRA server will have in regards to the operation of DRA. This is not a recommend or supported configuration of DRA.
To perform remote administration on Windows 2000 domain controllers that have the NT4emulator registry value after you install the Windows 2000 Administration Tools package, follow these steps:
note
Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. NetIQ Technical Support cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be resolved. Make sure that you back up your Registry prior to making any changes.
note
There has been no testing of running DC in NT emulation mode and the effect on DRA operations.
note
How do I configure Directory and Resource Administrator if Windows 2000 domain controllers are set to run in NT emulation mode?
fact
Directory and Resource Administrator 6.x
symptom
Without the client side registry setting NeutralizeNT4Emulator as detailed below, the MMC and Active Directory Users and Computers do not resolve any group to friendly names.
fix
When setting a DC to run in NT emulation mode, a Windows 2000 client will no longer receive group policy nor will it do Kerberos authentication. Therefore, in order to have the DRA run correctly edit the registry to add the value NeutralizeNT4Emulator, as described in the following section. Note that there has not been any testing of what effect changing the following Registry settings on the DRA server will have in regards to the operation of DRA. This is not a recommend or supported configuration of DRA.
To perform remote administration on Windows 2000 domain controllers that have the NT4emulator registry value after you install the Windows 2000 Administration Tools package, follow these steps:
- On the computer that is running Windows 2000 Professional or a member server, start Registry Editor (Regedt32.exe).
- Locate and click the following key in the registry:
- HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters
- Click Add Value on the Edit menu, and then add the following registry value:
- Value name: NeutralizeNT4Emulator
Data type: REG_DWORD
Radix: Hex
Value data: 0x1 - Quit Registry Editor.
- Use Dcpromo.exe to upgrade, and then apply the latest service pack.
note
Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. NetIQ Technical Support cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be resolved. Make sure that you back up your Registry prior to making any changes.
note
There has been no testing of running DC in NT emulation mode and the effect on DRA operations.
note
The following articles detail how to set a DC to run in NT 4 emulation mode and the client settings that have to be modified. Having the DC run in emulation mode is intended for a temporary solution during a migration.
http://www.jsifaq.com/SUBJ/tip4500/rh4584.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q284937
Additional Information
Formerly known as NETIQKB13280