Did you find this useful?
Socialize it today.

Windows NT 4.0 and 2008 R2 Domain Trusts

Friday, October 28, 2011

If you are planning to upgrade your Active Directory infrastructure to 2008 R2 and you still have external NT 4.0 trusts in place, you'll need to make some decisions before you upgrade. Trust relationships are no longer supported between these two types of Windows domains.

The work-around (cryptography algorithms compatible with Windows NT 4.0 policy) that have been available for previous versions of Active Directory are no longer supported. Please reference this Microsoft KB article for more information.

"The Net Logon service on Windows Server 2008 and on Windows Server 2008 R2 domain controllers does not allow the use of older cryptography algorithms that are compatible with Windows NT 4.0 by default" - http://support.microsoft.com/kb/942564/en-us

A summary from the article ... "Windows NT 4.0 trusts cannot be created between Windows Server 2008 R2-based domains and Windows NT 4.0-based domains. The workaround steps that are documented later in this article apply to only Windows Server 2008. Security changes that are in Windows Server 2008 R2 prevent a trust between Windows Server 2008 R2-based domains and Windows NT 4.0-based domains. This behavior is by design."

This is probably a good thing which will force us to stop putting in place security measures simply to keep these unsupported domains online.

Please help us spread the word by socializing it today!

email contact us

Did you find something wrong with the information on this page? Please take a moment to report it to us so that we can continue to improve the quality of the information on this site. Click here to report an issue with this page.

Recommended Books & Training Resources

MCITP Windows Server 2008 Enterprise Administrator: Training Kit 4-Pack: Exams 70-640 70-642 70-643 70-647 Windows Server 2008 R2 Unleashed