[THIN] Just a sanity check NT-AD trust

  • From: Steve Parr <sparr@xxxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Tue, 4 Oct 2005 16:26:25 -0400

We have a few remaining smaller NT domains that are hanging around for a short
while until they too are upgraded to AD, for one purpose: to allow a couple
of NT Citrix member servers and DB servers that are still in the NT domain,
which is trusted by the AD domain, to authenticate the users logging into
Citrix with their AD accounts. The NT-AD trust allows the AD accounts to run
on these Citrix servers still joined to the NT domain. Some of the IT folk
here believe having one BDC in the NT domain will be sufficient to allow the
login authentication from the trust to work. I would have always assumed
that a PDC is better and, because a BDC is read-only, it will run into trouble at
some point. Is a BDC sufficient to allow trusted AD accounts to log in and
access resources? I assume best practice was to always have a PDC. There seems to
be no point in having a single BDC as it is so easy to promote to a BDC.
Question is, can the NT BDC sufficiently allow the trust to function, which
was previously set up before the PDC is taken offline, so that the trusted AD
accounts can log on to Citrix (which is in the NT domain as a member server) and
access resources?
 
Steve Parr
Metroland Printing, Publishing and Distributing Ltd.


 
