Knowledge Base and Tips - Windows 2000 domain controllers require SP3...

Title:

Windows 2000 domain controllers require SP3 or later when using Windows Server 2003 administration tools

Body:

By default, Active Directory administrative tools in the Windows Server 2003 family sign and encrypt all Lightweight Directory Access Protocol (LDAP) traffic.

Signing LDAP traffic guarantees that the packaged data comes from a known source, has not been tampered with and does not hit the wire in clear text where network trace utilities like Network Monitor can view it.

Active Directory administration tools may also negotiate by using the NTLM authentication protocol instead of LDAP signing.

Two scenarios that invoke NTLM authentication include the following scenarios:

• The administration of Windows 2000 domain controllers that are located in an external forest that is connected by earlier-version trusts.
• Focusing MMC snap-ins against a specific domain controller that is referenced by its IP address. For example, you click Start, click Run, and then type dsa.msc /server=x.x.x.x, where x.x.x.x is the IP address of the domain controller.

To learn more, click this link:

http://support.microsoft.com/kb/325465/en-us

KB Article by ID Number:

325465

Directory Services Keywords:

Security W2000SECCONF

General Services Keywords:

AD2003

Technologies Keywords:

LDAP

Networking Keywords:

LDAP signing and encryption

Expires:

Attachments:

Created at 4/20/2005 9:35 PM by Jean-François APREA

Last modified at 4/20/2005 9:35 PM by Jean-François APREA