Windows Server 2008 R2 Domain Controllers have left Windows NT 4.0 behind. Windows Server 2008 would still let the old guy play along, but no more. This fact is not apparant until you start to look closer:
- DCPromo in Windows Server 2008 R2 will not let you select Windows 2000 mixed mode for your domain functional level.
This in turn makes it impossible to add a Windows NT 4.0 BDC to your domain.
- A trust cannot be created between a Windows NT 4.0 domain and a Windows Server 2008 R2 domain.
The security changes introduced in Windows Server 2008 R2 prevent this. (http://support.microsoft.com/?id=942564)
- Windows NT 4.0 compatible cryptographic algorithms are not enabled in a Windows Server 2008 R2 domain.
They can be enabled, but this, still, will not let you create a trust between Windows NT 4.0 and Windows Server 2008 R2. (http://support.microsoft.com/?id=942564)
I guess it was finally time to move along…