When to Go to Native Mode
Several features point you to going to Native Mode. With Native Mode, you have more group types and group management with nested groups.
The availability and functions of groups are described in Table 22.1. The new group types are domain local groups and universal groups. Domain local groups are similar to local groups except that they are domain wide. Domain local groups enable access to resources in the domain. This is just like local groups enabling access to machine- specific resources. Universal groups have Forest-wide scope. Universal groups can give access to resources in the any domain in the Forest and to domains in other Forests, as long as the proper trust relationship exists.
| Group Type | Mode Available | Function |
|---|---|---|
| Local Group | Mixed and Native | Access to machine-wide resources. |
| Domain Local Group | Native only | Access to domain-wide resources and can be used on any machine in the domain. They are limited to their local domain. |
| Global Group | Mixed and Native | Similar to Windows NT global groups. Domain-wide membership scope and can be given permissions in other domains. |
| Universal Groups | Native only | Membership and permissions Forest wide. |
Native Mode removes the need for BDC replication traffic, and the PDC is eliminated. The SAM size limitation is lifted as well.
Staying in mixed-mode does not affect client access. There are a few reasons to stay in mixed-mode. They include not having adequate hardware to run Active Directory, wanting a fallback position, and not being able to upgrade BDCs because of applications that will not upgrade.