Re: Core servers



Yes, but that really depends on the environment and is especially true for the PDC.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
"peterc" <peterc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ADEDAFAE-0882-4ACD-956C-979107CB48E5@xxxxxxxxxxxxxxxx
Yes, the servers are in a separate subnet, but then so are the user accounts, multiple VLANs. Being in a different subnet will not prevent logon as the subnets are all configured as belonging to the same site. My main query is: has anyone seen any design for AD where the domain controllers (for the child domain) are protected from user logon because they hold FSMO roles?

"Jorge Silva" wrote:

Hi

If I understood you correctly, you'll have the PDC, INF and RID servers in a different subnet in the same site, right?
According to this configuration, the PDC, INF and RID servers will only be used if the servers in the same subnet where the clients are fail.

--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"peterc" <peterc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:311D4CC2-4D91-4D73-AD86-7A156E8FE6F1@xxxxxxxxxxxxxxxx
I am involved with an AD migration. The new domain structure is an empty root, two DCs in different sites, no user accounts. One child domain crossing multiple sites. The designer has specified that the two domain controllers holding the PDC, INF and RID roles for the child domain be isolated from user logons by placing them in a different subnet, authentication for user accounts to be carried out by other DCs on the site.
Given that authentication is carried out to a local domain controller as configured in Sites and Services, a local subnet will not isolate the two DCs holding these FSMO roles from being used to authenticate accounts, separate subnet or not. The term core servers is being used to describe these DCs and they are described as needing protection from user logons. Personally I have never heard of this configuration before. I cannot find any reference to this methodology. Can anyone shed any light on it?
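
Added example, not part of the original thread or any poster's message: a Python model of the point raised in the original question, that a client is matched to a site through its subnet and is then offered every DC in that site, whatever subnet the DC itself sits in. The subnet ranges, site names and DC names are constructed, and the model considers site membership only.

```python
import ipaddress

# Constructed sample data (not from the thread): subnet objects mapped to sites.
SUBNET_TO_SITE = {
    "10.1.10.0/24": "HQ",      # user VLAN
    "10.1.20.0/24": "HQ",      # user VLAN
    "10.1.99.0/24": "HQ",      # separate "core servers" subnet, same site
    "10.2.0.0/16": "Branch",
}
# Constructed DC list: the site is what matters, the IP is informational.
DOMAIN_CONTROLLERS = [
    {"name": "DC-CORE1", "ip": "10.1.99.11", "site": "HQ", "fsmo": ["PDC", "RID"]},
    {"name": "DC-CORE2", "ip": "10.1.99.12", "site": "HQ", "fsmo": ["INF"]},
    {"name": "DC-AUTH1", "ip": "10.1.10.5", "site": "HQ", "fsmo": []},
    {"name": "DC-BR1", "ip": "10.2.0.5", "site": "Branch", "fsmo": []},
]

def site_for_ip(ip, subnet_map=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_map.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def candidate_dcs(client_ip, dcs=DOMAIN_CONTROLLERS):
    """DCs this client may authenticate against: every DC in its site.
    A client whose subnet maps to no site can be given any DC in the domain."""
    site = site_for_ip(client_ip)
    if site is None:
        return sorted(dc["name"] for dc in dcs)
    return sorted(dc["name"] for dc in dcs if dc["site"] == site)

def fsmo_holders_exposed(client_ip, dcs=DOMAIN_CONTROLLERS):
    """FSMO-holding DCs that remain logon candidates for this client."""
    names = set(candidate_dcs(client_ip, dcs))
    return sorted(dc["name"] for dc in dcs if dc["fsmo"] and dc["name"] in names)

if __name__ == "__main__":
    # Clients on two user VLANs, a branch client, and an unmapped client.
    for ip in ("10.1.10.50", "10.1.20.50", "10.2.3.4", "192.168.1.1"):
        print(ip, site_for_ip(ip), candidate_dcs(ip), fsmo_holders_exposed(ip))
```

In this model the two FSMO holders stay in the candidate list for every HQ client; only placing them in a different site changes the list.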