Re: Isolated member server won't authenticate with Isolated DC
- From: "Cary Shultz [A.D. MVP]" <cwshultz@xxxxxxxx>
- Date: Thu, 6 Oct 2005 02:01:48 -0400
A GC is really only needed in a Native Mode AD environment. And I am pretty
sure that you can change this, too....
It all depends on what David is going to do. Usually when you take a
production DC out of production and put it in an isolated test environment
you would have to do a metadata cleanup in the production lab ( aka: remove
all references to the 'lab' DC ) and seize the FSMO roles in the test lab
( via ntdsutil ). However, this assumes that this DC will not be put back
in the production environment. Well, not without a dcpromo cycle....
Also, it would be a really good idea to make that DC a Global Catalog
Server....even though I stated above that a GC is only really needed in a
Native Mode AD environment.
--
Cary W. Shultz
Roanoke, VA 24012
WIN2000 Active Directory MVP
http://www.activedirectory-win2000.com
(soon to be updated!!!)
http://www.grouppolicy-win2000.com
(soon to be updated!!!)
"Jorge_de_Almeida_Pinto" <UseLinkToEmail@xxxxxxxxxxxxxxxxx> wrote in message
news:3_1429509_9564bc7564705cc979d7cf38416817ae@xxxxxxxxxxxxxxxxxxxx
> "" wrote:
> > Hopefully someone can answer with the reason why this doesn't work.
> >
> > I ran dcpromo on a server, and made it a DC. This DC has none of the
> > FSMO roles on it and is not a global catalog server. However everything
> > seems to work ok within the domain. I take this DC, power it off, and
> > hook it up to an isolated network. I take another member server in the
> > same domain, power it off, and plug it into this isolated network and
> > power it back on. Now there are 2 machines on an isolated switch; a DC,
> > and a member server. I can log in as administrator (presumably cached),
> > but not as any other user. It tells me the domain is unavailable. OH..
> > one other thing: this isolated DC is also a DNS server and all the
> > settings are set up properly to see it. The only errors I am getting are
> > that replication stuff. I'm wondering if there is an obvious reason
> > that I'm missing. I don't have this setup anymore so I'd have to put it
> > back into a test lab to duplicate.
> >
> > -D
>
> You said it yourself. The DC is not a GC, and as it is the only non-GC
> and DC in your testlab, users will not be able to authenticate.
> For logon a GC IS needed (to check for universal group memberships
> throughout the forest, whether you use them or not). When no GCs are
> available, only the administrator can log on; otherwise no one would be
> able to troubleshoot (chicken and egg story).
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's
> request
> Articles individually checked for conformance to usenet standards
> Topic URL:
> http://www.windowsforumz.com/Active-Directory-Isolated-member-server-authenicate-Isolated-DC-ftopict426673.html
> Visit Topic URL to contact author (reg. req'd). Report abuse:
> http://www.windowsforumz.com/eform.php?p=1429509