다음을 통해 공유


Some of Windows 2008/2008 R2 Active Directory Upgrade Compatibility Issues

 

Client computers may not work correctly when you add a Windows Server 2008-based domain controller to an existing pre-Windows Server 2008 domain https://support.microsoft.com/kb/946405:

This problem may occur if the security template files for the NoLMHash policy setting on the Windows Server 2008-based domain controller do not match the security template files for the NoLMHash policy setting on the pre-Windows Server 2008-based domain controllers.
When you perform a clean install of Windows Server 2008 and then install the Active Directory directory service on the computer, the security template files are changed to enable the NoLMHash policy.
If you add Windows Server 2008 as the domain controller to an existing domain by using the default domain policy, the NoLMHash policy of the existing domain controller is disabled. Additionally, the NoLMHash policy in Windows Server 2008 is enabled.

 

The Net Logon service on Windows Server 2008 and on Windows Server 2008 R2 domain controllers does not allow the use of older cryptography algorithms that are compatible with Windows NT 4.0 by default https://support.microsoft.com/kb/942564

This problem occurs because of the default behavior of the Allow cryptography algorithms compatible with Windows NT 4.0 policy on Windows Server 2008-based domain controllers. This policy is configured to prevent Windows operating systems and third-party clients from using weak cryptography algorithms to establish NETLOGON security channels to Windows Server 2008-based domain controllers.

 

You cannot remotely access encrypted files after you upgrade a Windows Server 2003 file server to Windows Server 2008 https://support.microsoft.com/kb/948690

This issue occurs because special user profiles are not migrated when a Windows file server is upgraded to Windows Server 2008. Therefore, when you try to access the encrypted files, the upgraded file server does not recognize the special profile. Then, the upgraded file server creates a new profile that has new EFS encryption keys. These new keys differ from the original keys. Therefore, you cannot access the previously encrypted files.
When a user encrypts a file that is stored on a Windows file server, the actual encryption of the file occurs on the file server. A special user profile is created on the Windows Server 2003-based file server. This special user profile is used to create and store your encrypting file system (EFS) encryption keys. Afterward, every time that a user accesses the encrypted files on the file server, this special profile is loaded on behalf of the user. The previously created encryption keys are used.

 

Description of the Outlook 2003 hotfix package (Engmui.msp, Olkintl.msp): February 24, 2009 https://support.microsoft.com/kb/968614

When Outlook 2003 is connected to a domain controller server or to a global catalog server that is running Windows Server 2003, you set a custom address list to be shown first in the Address Book dialog box.
However, if Outlook 2003 later connects with a domain controller or a global catalog server that is running Windows Server 2008, the address list that is shown first in the Address Book dialog box is switched back to the global address list (GAL) unexpectedly.

Note: This problem also occurs when Outlook 2003 first connects with a Windows Server 2008 domain controller or to a global catalog, and then later connects with Windows Server 2003 domain controller server or global catalog server.

 

Description of the Windows Server 2008 read-only domain controller compatibility pack for Windows Server 2003 clients and for Windows XP clients and for Windows Vista https://support.microsoft.com/kb/944043

You do not necessarily have to apply this update before you can deploy a read-only domain controller. Sometimes, compatibility issues do not affect your deployment. Or, you may be able to use a workaround instead of applying the update.