Microsoft KB Archive/324922

From BetaArchive Wiki
Knowledge Base


How to prevent domain administrators from converting a domain to Native Mode

Article ID: 324922

Article Last Modified on 10/30/2006


APPLIES TO

  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Service Pack 2
  • Microsoft Windows 2000 Service Pack 3
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Advanced Server


This article was previously published under Q324922

SUMMARY

This article describes how to make the Change Mode button for domain mode conversion unavailable to domain administrators. This reduces the chance that an administrator who does not have Enterprise Administrator rights can convert a domain from Mixed Mode to Native Mode.

Note If you remove the write permission from the nTMixedDomain property, the Change Mode button is unavailable to domain administrators. However, domain administrators can make the button available again by granting themselves write permission to this property.

MORE INFORMATION

To make the Change Mode button unavailable to domain administrators, follow these steps:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. On the View menu, click Advanced Features.
  3. In the left pane, right-click the domain name, and then click Properties.
  4. Click the Security tab, and then click Advanced.
  5. Click Add, type Administrators in the Name box, and then click OK.
  6. Click the Properties tab.
  7. In the Apply onto drop-down list, make sure that This object only is selected.
  8. In the Permissions list, click to select the Deny box for Write NTMixedDomain, and then click OK two times.
  9. Click Yes if you are prompted, and then click OK.

To make the Change Mode button available again, follow these steps:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. On the View menu, click Advanced Features.
  3. In the left pane, right-click the domain name, and then click Properties.
  4. Click the Security tab, and then click Advanced.
  5. In the Permission Entries list, click the Administrators entry for which you denied write permission, and then click Remove.
  6. Click Apply, and then click OK two times.


Keywords: kbinfo kbenv KB324922



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/324922&oldid=179538
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki