[THIN] Re: Just a sanity check NT-AD trust

  • From: "Joe Shonk" <joe.shonk@xxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 4 Oct 2005 13:33:30 -0700

Are the accounts logging into the Citrix server NT or AD?  You can move the
Citrix Server to the AD domain no prob. Also, why is the PDC being taken
offline?  You should promote another server to a PDC and original PDC to a
BDC, and then take the server offline.

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Steve Parr
Sent: Tuesday, October 04, 2005 1:26 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Just a sanity check NT-AD trust

 

We have a few remaining smaller NT domains that are hanging around short
while until they too are upgraded to AD for one purpose: to allow a couple
of NT Citrix member servers and DB servers that are still in the NT domain
which is trusted by the AD domain to authenticate the users logging into
Citrix with their AD accounts. The NT-AD trust allows the AD accounts to run
on these Citrix servers still joined to the NT domain. Some of the IT folk
here believe having one BDC in the NT domain will be sufficient to allow the
login-authentication from the trust to work. I would have always assumed
that a PDC is better and because a BDC is read only will run into trouble at
some point. Is a BDC sufficient to allow trusted AD accounts to login and
access resources? I assume best practice was to always have a PDC. Seems to
be no point in having a single BDC as is so easy to promote to a BDC.
Question is can the NT BDC sufficiently allow the trust to function which
was previously setup before the PDC is taken offline so that the trusted AD
accounts can logon to Citrix(which is in the NT domain as memb. Server) and
access resources?

 

Steve Parr
Metroland Printing, Publishing and Distributing Ltd.



 

Other related posts: