[THIN] Re: slightly OT: ActiveDirectory resilience

  • From: Corné Bogaarts <c.bogaarts@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Tue, 16 Mar 2004 12:20:47 +0100

For Windows2000 Domain:
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690

For a Windows2003 Domain:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324801


13-3-2004 18:23:05, "Rob Beekmans" <RobBeekmans@xxxxxxxxxxxxx> wrote:

>I've had that experience where the DC/GC crashed with other DCs available.
>And even though it looked like users could log on normally, after a few
>hours of joy and happiness the complaints started to roll in. We transferred
>the roles just before the servers crashed and thought we were on safe ground
>but somehow the first installed server has some hidden special tasks that
>you can't transfer....
>
>If the first server dies, all dies.....
>We did a complete reinstall of the domain, a new domain....quickest solution
>for them...
>
>
>
>Met vriendelijke groeten / With kind regards
>
>Rob Beekmans
>Technical Consultant
>A-Tree Automatisering
>
>Business Phone: +31 24 6452000
>Business Fax: +31 24 6450463
>Business website: http://www.a-tree.nl
>Business E-mail: R.Beekmans@xxxxxxxxx
>
>Private E-mail: RobBeekmans@xxxxxxxxxxxxx
>Private website: http://joulupukki.nl
>
>
>
>
>-----Original message-----
>From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On behalf of
>Corné Bogaarts
>Sent: Saturday 13 March 2004 18:11
>To: thin@xxxxxxxxxxxxx
>Subject: [THIN] Re: slightly OT: ActiveDirectory resilience
>
>
>Assume the DC holding the GC-role crashed. As the remaining DC cannot verify
>whether the user-account is a member of a Universal group in another Domain,
>logon should be impossible in this case. This is by design.
>
>(Attempt at an) explanation: an administrator can put 'deny'-permissions on
>resources for a Universal group. Assume some user is a member of such a
>Universal group and knows about this configuration. He/She might BSOD the GC.
>Assume logon in that case would still be possible. Then the user would be able
>to gain access to the resource that (s)he had been specifically denied.
>
>
>11-3-2004 11:25:19, Brian Lilley <Brian.Lilley@xxxxxxxxxxxxx> wrote:
>
>>"A termite walks into a bar and says s'the bar tender here?"
>>
>>My customer has a two domain controller win2k AD based forest hosting a
>>citrix fr3 farm.  For reasons best known to the customer, they have a
>>totally separate win2k AD forest which hosts an NT4 workstation base.
>>
>>Some bloke in the pub told them that if their first dc which held all
>>five operational master roles plus the global catalogue function
>>failed, then users would be unable to logon??  I disagree with this
>>comment because the failure of the three forest wide master roles plus
>>the GC should not prevent user logon.  It may prevent, in some
>>circumstances, problems adding objects??  Other than that, I imagine
>>that the domain would continue normally.
>>
>>As far as I am concerned, the GC simply holds a subset of the 'domain
>>partition' bit of the active directory databases from other domains
>>within the same forest and would have no bearing on logon??
>>
>>Please tell me I am right....
>>
>>
>>Brianos McChips
>>
>>
>
>********************************************************
>This weeks sponsor Emergent Online.
>Emergent OnLine is the leading server-based computing consulting integration 
>firm in the nation. Emergent OnLine delivers expert 
>consulting services you can depend on.
>http://www.go-eol.com
>**********************************************************
>Useful Thin Client Computing Links are available at:
>http://thin.net/links.cfm
>***********************************************************
>For Archives, to Unsubscribe, Subscribe or 
>set Digest or Vacation mode use the below link:
>http://thin.net/citrixlist.cfm
>
>
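
The deny-ACE argument in the quoted explanation above, as a small Python model added here; it is not from the thread and is not Windows code. All names (users, groups, `build_token`, `access_allowed`) and the sample data are constructed for illustration, and the `fail_open` switch is a hypothetical alternative design, not a real setting.

```python
from dataclasses import dataclass

class GCUnavailable(Exception):
    """Stands in for 'no Global Catalog could be reached'."""

@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    group: str

# Constructed sample data: alice is in a universal group that is denied.
LOCAL = {"alice": ["Staff"], "bob": ["Staff"]}
UNIVERSAL = {"alice": ["Contractors"]}
ACL = [Ace("deny", "Contractors"), Ace("allow", "Staff")]

def gc_up(user):
    return UNIVERSAL.get(user, [])

def gc_down(user):
    raise GCUnavailable(user)

def build_token(user, local_groups, universal_lookup, fail_open=False):
    """Collect group memberships at logon; None means logon is refused."""
    groups = set(local_groups.get(user, ()))
    try:
        groups |= set(universal_lookup(user))
    except GCUnavailable:
        if not fail_open:
            return None          # fail closed: membership cannot be verified
        # fail open: token is built WITHOUT universal groups
    return groups

def access_allowed(token, acl):
    """Deny ACEs win over allow ACEs; no token means no access."""
    if token is None:
        return False
    if any(a.kind == "deny" and a.group in token for a in acl):
        return False
    return any(a.kind == "allow" and a.group in token for a in acl)

if __name__ == "__main__":
    for label, lookup, fo in [("GC up", gc_up, False),
                              ("GC down, fail closed", gc_down, False),
                              ("GC down, fail open", gc_down, True)]:
        for user in ("alice", "bob"):
            tok = build_token(user, LOCAL, lookup, fail_open=fo)
            print(f"{label:22} {user:6} access={access_allowed(tok, ACL)}")
```

In the fail-open row the deny entry for alice silently stops applying, while failing closed costs bob his logon as well.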


