Re: Computer object inactivity and functionality
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 07/28/04
- Next message: Miha Pihler: "Re: Unwanted share access despite security settings"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: getting info from AD"
- In reply to: Matjaz Ladava [MVP]: "Re: Computer object inactivity and functionality"
- Next in thread: Dave: "Re: Computer object inactivity and functionality"
- Reply: Dave: "Re: Computer object inactivity and functionality"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 28 Jul 2004 21:09:52 +0100
Yes, but after thirty days it wont not be able to logon. It will try the
old password, the DC will see it's the previous one, reset it and log a
netlogon error. The user will be able to use the computer with no knowledge
of what's gone on. It's the clients that do the legwork with the secure
channel passwords (as with most things).
Perhaps these have been off for longer?? Perhaps it's being tombstoned (90
days by default, but this value could have been shortened)??
-- Paul Williams _________________________________________ http://www.msresource.net Join us in our new forums! http://forums.msresource.net _________________________________________ "Matjaz Ladava [MVP]" <matjaz@ladava.com> wrote in message news:u3fG6QNdEHA.3728@TK2MSFTNGP09.phx.gbl... It is thirty days. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;216243 there are also means of controlling this http://support.microsoft.com/default.aspx?scid=kb;EN-US;154501 -- Regards Matjaz Ladava MVP Windows Server - Directory Services matjaz@ladava.com, matjazl@mvps.org "Dave" <Dave@discussions.microsoft.com> wrote in message news:7AEBCD0B-6D90-43B0-A819-5242EFC9D750@microsoft.com... >I know that Computer objects in a Windows 2000 AD system renew their >authentication with the domain every 30 days. We've had some instances >though where a machine has been off of the network for an extended period >of time. When that machine is turned on again and someone tries to logon >they get the Trust Relationship error (same as if the computer account is >deleted). They may have to rejoin the domain at this point. > > My questions is this - what is the time period that a machine can be away, > and still successfully logon? Is it the 30 days of the password > authentication, or longer? > > Please note that I am talking strictly about computer objects here, not > users. Thanks! >
- Next message: Miha Pihler: "Re: Unwanted share access despite security settings"
- Previous message: anonymous_at_discussions.microsoft.com: "Re: getting info from AD"
- In reply to: Matjaz Ladava [MVP]: "Re: Computer object inactivity and functionality"
- Next in thread: Dave: "Re: Computer object inactivity and functionality"
- Reply: Dave: "Re: Computer object inactivity and functionality"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
