Re: PDC EMU ?
- From: skhips <skhips@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 5 Aug 2006 12:10:01 -0700
Thanks again for your help Jorge.
So if i am worried about choosing a single domain with sites because of
insable WAN links and the impact of lsing the PDC Emu', refferred to as the
role you will miss the quickest, I can totaly stop worrying about it with
that AVOIDPDCONWAN setting ??
ref my Q1 I was under the impression (hopefully wrongly) that when a
password ws wrongly entered the failure would be sent by the DC to the PDC
Emu and recorder by that and every time you entered a bad password the PDC Em
would increment and eventually tell the DC that the user has now entered to
many passwords and to lock the user, I ws then worried that if the WAN was
down the user in a site with no PDC Em locally would be able to try an
infinte number off passwords until the WAN link was resumed as the DC cold
not ask a PDC Em for its record of ba attempts , somone mentioned this ws
only W2K and only before a certain Service pack, is that the case and if so
how would the AvoidPDCWAN impact.
2. Is it possible that instead of always having the AvoidPDCWan setting on
you only placed it on when losing the link and would tht mean all would
function well, presumbly you would just then need to have a local time surce
set to override pointing at the PDC Em
Hopefuly my concerns will amount to nothing and a nice single domain is in
site (get it site, no oh well).
Cheers
"Jorge Silva" wrote:
Hi.
1. If the wan link is down to the PC Emulator does that mean as itNo, it uses the policy define on the Site DC, it's all about replication, if
records
bad password attempts a user would be able to have more password attempt
than
configured in the doamin GPO.
you change the PW policy and the Wan link is down there's no way that others
DCs be able to know about that change, so the keep enforcing their actual
settings untill replication occours.
2. If I use the AvoidPdcOnWan setting on W2K3 in W2K mode in a remoteWith this setting on, if a client password fails to authenticate on the DC,
site
will all of the tasks that the PDC Emulator is responsible for still
function
at the remote site or will it cause issues.
the DC does not attempt to authenticate that password on the remote PDCe,
this is generally use to reduce WAN traffic. However the passwords changes
are replicated by normal Active Directory replication to update password
information, instead of using Urgent Replication.
PS: I know that Joe Richards may have a different opinion about this (we
recently discuss something like this), he can provide you in detail how this
really works (behind the scenes). Are you there Joe... :) wanna talk about
Urgent replication..... Urgent Queue...
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"skhips" <skhips@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BDDBEEA9-B22E-4BB6-A5C9-44C264BCD8FC@xxxxxxxxxxxxxxxx
1. If the wan link is down to the PC Emulator does that mean as it
records
bad password attempts a user would be able to have more password attempt
than
configured in the doamin GPO.
2. If I use the AvoidPdcOnWan setting on W2K3 in W2K mode in a remote
site
will all of the tasks that the PDC Emulator is responsible for still
function
at the remote site or will it cause issues.
TIA
- References:
- Re: PDC EMU ?
- From: Jorge Silva
- Re: PDC EMU ?
- Prev by Date: Re: Domains or Sites - HELP !
- Next by Date: Re: Settle a Administrator's dispute
- Previous by thread: Re: PDC EMU ?
- Next by thread: Re: PDC EMU ?
- Index(es):
Relevant Pages
|
Loading
