[THIN] Re: slightly OT: ActiveDirectory resilience

  • From: Corné Bogaarts <c.bogaarts@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Sat, 13 Mar 2004 18:11:25 +0100

Assume the DC holding the GC-role crashed. As the remaining DC cannot verify 
whether the user-account is a member of a Universal group in another Domain, 
logon should be impossible in this case. This is by design. 

(Attempt at an) explanation: an administrator can put 'deny'-permissions on 
resources for a Universal group. Assume some user is a member of such a 
Universal group and knows about this configuration. He/She might BSOD the GC. 
Assume logon in that case would still be possible. Then the user would be able 
to gain access to the resource that (s)he had been specifically denied.


11-3-2004 11:25:19, Brian Lilley <Brian.Lilley@xxxxxxxxxxxxx> wrote:

>"A termite walks into a bar and says s'the bar tender here?"
>
>My customer has a two domain controller win2k AD based forest hosting a
>citrix fr3 farm.  For reasons best known to the customer, they have a
>totally separate win2k AD forest which hosts an NT4 workstation base.
>
>Some bloke in the pub told them that if their first dc which held all five
>operational master roles plus the global catalogue function failed, then
>users would be unable to logon??  I disagree with this comment because the
>failure of the three forest wide master roles plus the GC should not prevent
>user logon.  It may prevent, in some circumstances, problems adding
>objects??  Other than that, I imagine that the domain would continue
>normally.
>
>As far as I am concerned, the GC simply holds a subset of the 'domain
>partition' bit of the active directory databases from other domains within
>the same forest and would have no bearing on logon??
>
>Please tell me I am right....
>
>
>Brianos McChips
>
>
>********************************************************
>This weeks sponsor Emergent Online.
>Emergent OnLine is the leading server-based computing consulting integration 
>firm in the nation. Emergent OnLine delivers expert 
>consulting services you can depend on.
>http://www.go-eol.com
>**********************************************************
>Useful Thin Client Computing Links are available at:
>http://thin.net/links.cfm
>***********************************************************
>For Archives, to Unsubscribe, Subscribe or 
>set Digest or Vacation mode use the below link:
>http://thin.net/citrixlist.cfm
>
>
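
The reasoning in the reply above, as an added example that is not part of the original post: a simplified Python model (not Windows' actual logon or access-check code) of a token built with and without universal group membership, checked against a DACL that carries a deny ACE. The user, group and resource names are constructed, and the fail-open mode is a hypothetical design shown only for contrast.

```python
"""Simplified model of deny ACEs and universal group membership at logon."""

class LogonDenied(Exception):
    pass

# Constructed sample data: all names are illustrative only.
DOMAIN_GROUPS = {"alice": {"Domain Users", "Finance"}}
UNIVERSAL_GROUPS = {"alice": {"Contractors-U"}}  # known only to the global catalog

# DACL for a constructed resource; the deny ACE precedes the allow ACE.
PAYROLL_DACL = [
    ("deny", "Contractors-U", "read"),
    ("allow", "Finance", "read"),
]

def build_token(user, gc_available, fail_open=False):
    """Return the set of group names placed in the user's token at logon."""
    groups = set(DOMAIN_GROUPS[user])
    if gc_available:
        groups |= UNIVERSAL_GROUPS.get(user, set())
    elif not fail_open:
        # Behaviour described in the post: no GC, no logon.
        raise LogonDenied("universal group membership cannot be verified")
    # fail_open (hypothetical): the token silently lacks universal groups.
    return groups

def access_check(token, dacl, right):
    """First matching ACE decides; no matching ACE means access is refused."""
    for kind, group, ace_right in dacl:
        if ace_right == right and group in token:
            return kind == "allow"
    return False

def scenario(gc_available, fail_open=False):
    """Run one logon plus one read attempt and describe the outcome."""
    try:
        token = build_token("alice", gc_available, fail_open)
    except LogonDenied:
        return "logon refused"
    granted = access_check(token, PAYROLL_DACL, "read")
    return "read granted" if granted else "read denied"

if __name__ == "__main__":
    print("GC up:               ", scenario(True))
    print("GC down, fail-closed:", scenario(False))
    print("GC down, fail-open:  ", scenario(False, fail_open=True))
```

In the fail-open case the deny ACE never matches because the universal group is missing from the token, so the allow ACE for the domain group decides.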


