I see a fair number of issues related to logging in to a Windows 2000 domain. Some of them are "bugs", some "features" and fair number of useful background articles. Most of these will be KB articles. Please let me know if you know of a tip or site I should add to this logon resource page: .
Increased Account Lockout Frequency in Windows 2000 Domain (Q264678)
When the client attempts to authenticate the user with a resource, Windows 2000 first uses the Kerberos authentication method. If the Kerberos attempt does not succeed, the client then tries the Windows NT challenge/response (NTLM) authentication protocol. Each of these methods presents the user's credentials for authentication purposes. Therefore, if a user specifies an incorrect password, the user's account is "charged" twice for one authentication attempt.
Account Lockout Because BadPasswordCount Not Reset to 0 (Q263821)
This problem may only be seen in the Windows 2000 environment because UAS replication does not occur as frequently as in the Windows NT 4.0 domain environment. User passwords between domain controllers may be out of synchronization for longer period of time. Also, the bad password count field is not replicated between the domain controllers.
Urgent Replication Triggers in Windows 2000 (Q232690)
describes Urgent Replication events as they pertain to Windows 2000 domains, Windows 2000 and Microsoft Windows NT 4.0 mixed-domain environments, and password changes.
Cannot Add Windows NT 4.0 BDC to a Windows 2000 Domain (Q242432)
To add a Windows NT 4.0-based BDC to a domain with a Windows 2000 client as the PDC, use the Srvmgr tool that is included with Windows 2000. You should run this version of the tool only on the Windows 2000 client to pre-create the computer account for the BDC. After you create the account, the BDC installation should finish successfully.