Active Directory Client (dsclient) for Win98/NT
How can I work with NT 4.0 and Win98 clients in a Windows 2000 or Windows Server 2003 Domain?
Microsoft has developed extensions for the Windows 95, Windows 98, and Windows NT 4.0 operating systems that allow those client platforms to take advantage of features provided by the Windows 2000 and Windows Server 2003 Active Directory service.
These client extensions were developed for customers who wish to deploy Windows 2000/2003 Server in environments with Windows 95, Windows 98, and Windows NT 4.0 based client workstations.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
Active Directory Features Supported
Windows 9x and Windows NT 4 based clients lack many of the features of Windows 2000 Professional and Windows XP Professional that are related to Active Directory. The Active Directory client extension is an upgrade or patch for Windows 95, Windows 98, and Windows NT 4.0, which enables the following Active Directory features:
Site awareness – This includes the ability to log on to the domain controller that is closest to the client in the network and the ability to change passwords on any Windows 2000/2003-based domain controller, instead of the primary domain controller (PDC). In order to benefit from this new functionality the computer object where the Client extension is installed must exist in a Windows 2000/2003 domain.
Note: Active Directory Client for Windows NT4.0 does not change the NT4.0 WinLogon change password behavior. The WinLogon change password still contacts the PDC. However, Active Directory Client extension provides necessary APIs to change the password to any Windows 2000 based domain controller.
Active Directory Service Interfaces (ADSI) – ADSI allows scripting to Active Directory and provides a common programming API to Active Directory programmers.
DFS fault tolerance client – This provides access to Windows 2000/2003 distributed file system (DFS) fault tolerant and fail-over file shares specified in Active Directory. In order to benefit from this new functionality the computer object where the Client extension is installed must exist in a Windows 2000/2003 domain.
Active Directory Windows Address Book (WAB) property pages – These allow users who have permission to change properties on user objects (for example, phone number and address) by means of the user object pages, which can be accessed by clicking the Start menu, and then pointing to Search and For People. This also includes support for display specifiers that allow rendering of new schema elements stored on the user object in Active Directory.
NTLM v2 authentication – The client extensions take advantage of the improved authentication features available in NTLM v2.
Active Directory Features Not Supported
Significant architectural advancements have been made in the Windows 2000 Professional and Windows XP Professional client platforms. They deliver functionality that the Active Directory client extensions on Windows 9x and Windows NT 4.0 cannot deliver. Users can take advantage of these additional capabilities by upgrading to Windows 2000 Professional or Windows XP Professional.
The client extension does NOT provide the following:
Kerberos support – The Active Directory client extension does not deliver Kerberos support to Windows 9x and Windows NT 4.0 based clients.
Group Policy or IntelliMirror support – The Active Directory client extension does not deliver IntelliMirror management technologies or Windows 2000/2003 Group Policy functionality.
IPSec or L2TP support – The Active Directory client extension does not deliver advanced virtual private networking (VPN) protocols, like Internet Protocol security (IPSec) or Layer 2 Tunneling Protocol (L2TP).
For L2TP and IPSec VPN Client support on Win98 and Windows NT 4.0 please see the following link:
SPN or mutual authentication – The Active Directory client extension does not deliver Service Principal Name (SPN) or mutual authentication.
Active Directory Client requirements for NT4
Service Pack 6a
Versions of Internet Explorer no earlier than 4.01
Windows 95/Windows 98-based Active Directory client extension is distributed on the Windows 2000 CD.
Note: An updated version of the Directory Services client for Windows 95 and Windows 98 is available as a HotFix. See Availability of the Directory Services Client Update for Windows 95 and Windows 98 – 323466