For Windows2000 Domain: http://support.microsoft.com/default.aspx?scid=kb;en-us;255690 For a Windows2003 Domain: http://support.microsoft.com/default.aspx?scid=kb;en-us;324801 13-3-2004 18:23:05, "Rob Beekmans" <RobBeekmans@xxxxxxxxxxxxx> wrote: >I've had that experience where the DC/GC crashed with other DC's = >available. >And even though it looked like users could log on normally, after a few >hours of joy and happines the complains started to roll in. We = >transfered >the roles just before the servers crashed and thought we were on safe = >ground >but somehow the first installed server has some hidden special tasks = >that >you can't transfer.... > >If the first server dies, all dies..... >We did a complete reinstall of the domain, a new domain....quickest = >solution >for them... > > > >Met vriendelijke groeten / With kind regards > >Rob Beekmans >Technical Consultant >A-Tree Automatisering > >Business Phone: +31 24 6452000 >Business Fax: +31 24 6450463 >Business website: http://www.a-tree.nl >Business E-mail: R.Beekmans@xxxxxxxxx > >Private E-mail: RobBeekmans@xxxxxxxxxxxxx >Private website: http://joulupukki.nl > =20 > > > >-----Oorspronkelijk bericht----- >Van: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] Namens >Corn=E9 Bogaarts >Verzonden: zaterdag 13 maart 2004 18:11 >Aan: thin@xxxxxxxxxxxxx >Onderwerp: [THIN] Re: slightly OT: ActiveDirectory resilience > > >Assume the DC holding the GC-role crashed. As the remaining DC cannot = >verify >whether the user-account is member of a Universal group in an other = >Domain,=20 >logon should be impossible in this case. This is by design.=20 > >(Attempt at an) explanation: an administrator can put 'deny'-permissions = >on >resources for a Universal group. Assume some user is a member of such a >Universal=20 >group and knows about this configuration. He/She might BSOD the GC. = >Assume >logon in that case would still be possible. Then the user would be able = >to >gain=20 >access to the resource that (s)he had been specifically denied. > > >11-3-2004 11:25:19, Brian Lilley <Brian.Lilley@xxxxxxxxxxxxx> wrote: > >>"A termite walks into a bar and says s'the bar tender here?" >> >>My customer has a two domain controller win2k AD based forest hosting a = > >>citrix fr3 farm. For reasons best known to the customer, they have a=20 >>totally seperate win2k AD forest which hosts an NT4 workstation base. >> >>Some bloke in the pub told them that if their first dc which held all=20 >>five operational master roles plus the global catalogue function=20 >>failed, then users would be unable to logon?? I disagree with this=20 >>comment because the failure of the three forest wide master roles plus=20 >>the GC should not prevent user logon. It may prevent, in some=20 >>circumstances, problems adding objects?? Other than, that I imagine=20 >>that the domain would continue normally. >> >>As far as I am concerned, the GC simply holds a subset of the 'domain=20 >>partition' bit of the active directory databases from other domains=20 >>within the same forest and would have no bearing on logon?? >> >>Please tell me I am right.... >> >> >>Brianos McChips >> >> > >******************************************************** >This weeks sponsor Emergent Online. >Emergent OnLine is the leading server-based computing consulting integration >firm in the nation. Emergent OnLine delivers expert >consulting services you can depend on. >http://www.go-eol.com >********************************************************** >Useful Thin Client Computing Links are available at: >http://thin.net/links.cfm >*********************************************************** >For Archives, to Unsubscribe, Subscribe or >set Digest or Vacation mode use the below link: >http://thin.net/citrixlist.cfm > > ******************************************************** This weeks sponsor Emergent Online. Emergent OnLine is the leading server-based computing consulting integration firm in the nation. Emergent OnLine delivers expert consulting services you can depend on. http://www.go-eol.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm