[THIN] Re: slightly OT: ActiveDirectory resilience

  • From: "Chris Lynch" <lynch00@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 11 Mar 2004 08:13:44 -0800

If the GC is offline, then your users will not be able to log into the
domain properly.  They will log into their local workstations, if there
isn't a policy restricting cached client credentials.  The GC looks up the
group membership of a particular user, Global and Universal Group
Membership.  Only Administrators will not be affected by this.  This is not
the same in Windows Server 2003 with a 2003 Functional Level forest.

I also don't understand why there are TWO separate AD forests.  Why is there
this separation?  Why not a child level domain to the forest root, and have
2 DCs that are also GCs?

There is only 1 FSMO role that is necessary for client authentication
(which is dependent on the client OS), and that is the PDC Emulator Role.
The PDC role is only for Windows NT4 and lower clients, as well as password
resets.  The GC is required for group membership enumeration.

Here are some docs from Microsoft that will help explain FSMO roles, and
best placement in the forest:

http://support.microsoft.com/default.aspx?scid=kb;en-us;197132&Product=win2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;223346&Product=win2000

Even though the following article explains how to create or move a GC in
Windows 2000, there are links at the bottom of the article to further
explain the GC.

http://support.microsoft.com/default.aspx?scid=kb;en-us;313994&Product=win2000

HTH,

Chris
 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Braebaum, Neil
Sent: Thursday, March 11, 2004 3:26 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: slightly OT: ActiveDirectory resilience

Um, the GC being unavailable, will affect login - I'm not saying
*prevent* login, but it will affect it, for sure.

Same with the PDCe depending on what happens at login, and the type of
client machine.

Most of the FSMO roles are quite irrelevant to login, though.

Neil

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Brian Lilley
> Sent: 11 March 2004 10:25
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] slightly OT: ActiveDirectory resilience
> 
> "A termite walks into a bar and says s'the bar tender here?"
> 
> My customer has a two domain controller win2k AD based forest hosting 
> a citrix fr3 farm.  For reasons best known to the customer, they have 
> a totally separate win2k AD forest which hosts an NT4 workstation
> base.
> 
> Some bloke in the pub told them that if their first dc which held all 
> five operational master roles plus the global catalogue function 
> failed, then users would be unable to logon??  I disagree with this 
> comment because the failure of the three forest wide master roles plus 
> the GC should not prevent user logon.  It may prevent, in some 
> circumstances, problems adding objects??  Other than that, I imagine
> that the domain would continue normally.
> 
> As far as I am concerned, the GC simply holds a subset of the 'domain 
> partition' bit of the active directory databases from other domains 
> within the same forest and would have no bearing on logon??
> 
> Please tell me I am right....
> 
> Brianos McChips


********************************************************
This weeks sponsor Emergent Online.
Emergent OnLine is the leading server-based computing consulting integration
firm in the nation. Emergent OnLine delivers expert consulting services you
can depend on.
http://www.go-eol.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
http://thin.net/citrixlist.cfm

