The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-026