"Windows 2000 native" vs "Windows 2003 Server" functional level.

"Windows 2000 native" vs "Windows 2003 Server" functional level.

Post by QnJpYW4gTm » Wed, 01 Mar 2006 19:11:10


I have a question regarding what functional level I should use to get the
following functionality to work (if possible).

I have 2 domain controllers (Windows 2003 Server) - each placed in different
sites and called (DC1, DC2) and both has domain functional level "Windows
2000 Native".

1. On DC1 create universal distribution group (same problem with security
2. Use repadmin /replicate to replicate the group to DC2.
3. On DC1 add a user to the group.
4. On DC2 add a user to the group.

Consequence: The user added on DC1 is overwritten by the user added on DC2.
What I hoped would happen: The group entries are merged, so both users are
member of the group.

I thought that the groups would be merged because of the 'per entry'
replication in Windows 2003, but is this only working if the domain
functional level is raised to "Windows 2003 Server" level? Or should it also
work in "Windows 2000 Native" mode?

Or it my problem another place? :-)


"Windows 2000 native" vs "Windows 2003 Server" functional level.

Post by TmVpbCBSdX » Wed, 01 Mar 2006 19:31:20

In w2k native mode, the members of a group are stored as one blob and
replicated in their entirety when changes are made. This is by design but far
from desirable!

Once *all* Dcs in the forest are at w2k3, you may raise the func level of
all domains to w2k3 domain func level and then the forest itself to w2k3
forest func level. Only then, (when forest func level raised) will those
attributes which can be multi valued (such as group members) be stored as
separate entities and be replicated as true deltas in the way you require.
i.e. the scenario you describe below will result in the memberships being
merged and not over written.