How Can I Determine Whether a Domain is in Mixed Mode or Native Mode?

How Can I Determine Whether a Domain is in Mixed Mode or Native Mode?

  • Comments 1
  • Likes
Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I determine whether a domain is in mixed mode or native mode?

-- WW

SpacerHey, Scripting Guy! AnswerScript Center

Hey, WW. When you listen to a Seattle Mariners game on the radio one of the regular features is “Stump the Broadcasters.” The premise to Stump the Broadcasters is that listeners send in a baseball question to be asked of the Mariners broadcasters. If you can “stump the broadcasters” (that is, if you ask a question that the broadcasters can’t answer) then you win a fabulous prize. Pretty simple, huh?

The only problem with Stump the Broadcasters is that people send in such silly questions: “Who holds the major league record for most career home runs?” To be honest, you just want to grab these people, shake them, and say, “What’s wrong with you? Don’t you want to win the fabulous prize? Even people who don’t know anything about baseball know that Hank Aaron holds the record for most career home runs. Holy smokes!”

Note. Here’s a better question: “Who holds the record for the fewest pitches thrown in a complete game?” The answer: the Boston Braves’ Red Barrett, who needed just 58 pitches (and only one hour and 15 minutes) to defeat the Cincinnati Reds 2-0 back in 1944. But you probably shouldn’t try this question, either. After all, if the Mariners broadcasters read this column every day (as they almost surely do), well, now they know the answer, too.

If you want to stump the Mariners broadcasters you need to ask about something no one in their right mind could possibly know, something like “Who holds the record for the fewest pitches thrown in a complete game?” It’s a little different when you try to Stump the Scripting Guys, however. Admittedly, no one in their right mind knows how to use a script to determine whether an Active Directory domain is in mixed mode or native mode. But who said that the Scripting Guys were in their right minds?

Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")

If objDomain.nTMixedDomain = 0 Then
    Wscript.Echo "Domain is in native mode."
Else
    Wscript.Echo "Domain is in mixed mode."
End If

As you can see, it’s actually very easy to determine whether a domain is in native mode or mixed mode. To begin with, you simply connect to the domain itself, something we do with this line of code:

Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")

Why do we connect to the domain? That’s easy: the domain object happens to have an attribute named nTMixedDomain that tells us whether the domain is in mixed mode or native mode. If nTMixedDomain is equal to 0 then the domain is in native mode (which basically means that all domain controllers must be running Windows 2000 or Windows Server 2003). If nTMixedDomain is equal to 1 then the domain is in mixed mode, which means that Windows NT 4.0 computers can function as domain controllers. How do we check and report back the value of the nTMixedDomainAttribute? By using this block of code:

If objDomain.nTMixedDomain = 0 Then
    Wscript.Echo "Domain is in native mode."
Else
    Wscript.Echo "Domain is in mixed mode."
End If

Incidentally, the nTMixedDomain attribute is a read-write attribute: if your domain is currently in mixed mode you can use a script to change the value to 0 (and thus put the domain into native mode). Are we going to show you an example of how to do that? No, we’re not. Why? Well, moving from mixed mode to native mode is an irreversible process; because of that we don’t want to give you a script that you might accidentally run, and thus accidentally change the domain mode. But that’s no big deal: now that you know about the nTMixedDomain attribute, and now that you know this attribute is read-write, you should be able to put together a script to move you from mixed mode to native mode without too much trouble.

As long as we’re on the subject, here’s another attribute you might find interesting: msDS-Behavior-Version. If you connect to a Windows Server 2003 domain and retrieve the value of this attribute it will tell you the domain functional level (see this Knowledge Base article for more details). If you connect to the Partitions container and retrieve the value of this attribute it will tell you the forest level setting (discussed in that same Knowledge Base article). We won’t explain the following code in any detail, but this script does return the forest level setting for a Windows Server 2003 forest:

Set objRootDSE = GetObject("LDAP://rootDSE")

Set objPartitions = GetObject("LDAP://CN=Partitions," & _ 
    objRootDSE.Get("configurationNamingContext"))

If objPartitions.[msDS-Behavior-Version] = 0 Then
    Wscript.Echo "This is a mixed-level forest."
ElseIf objPartitions.[ msDS-Behavior-Version] = 1 Then
    Wscript.Echo "This is a Windows Server 2003 interim-level forest."
Else
    Wscript.Echo "This is a Windows Server 2003 forest."
End If

Note. Why did we put square brackets around the attribute name ([msDS-Behavior-Version])? You obviously haven’t read this previous Hey, Scripting Guy! column, have you?

We hope that helps, WW. Now here’s another question for you, and for everyone else out there: From1967 to 1983, Aurelio Rodriguez played third base for several major league baseball teams, most notably the Detroit Tigers. During his tenure there was one thing that made Aurelio Rodriguez absolutely unique among major league ball players. What was that? (Answer below)

Answer. During his time in the big leagues Aurelio Rodriguez was the only major league ball player whose first name contained all five vowels: a-e-i-o-u. Raise your hand if you got that one right.

Wait a second: everyone got that one right? Hmmm ….

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Hi, Great article but the link in your note is dead... :(