Re: Unable to authenticate users in windows 2003 SP1 secondary DC
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Mon, 22 Jan 2007 13:41:33 -0600
Yes.
Try sharing and in your script map to the %logonserver% instead of a
specific name. The %logonserver% variable is populated with the name of the
server the user has logged on to.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"MS" <lmathew@xxxxxxxxxxxxxxxxxx> wrote in message
news:ukXxdOjPHHA.320@xxxxxxxxxxxxxxxxxxxxxxx
Hi Paul,
Thanks for the info. I have the DC's set up exactly as you have mentioned.
Single domain, both DC's are GC, both DC's are DNS AD Integrated and
the client is able to ping both servers using IP and hostname.
On second thought, is it because my PDC hosts user folders and apps
folders mapped to drive names, whereas the BDC also contains these
folders for redundancy purposes, however they are not shared and mapped?
Could this create authentication issues, like not being able to map the
drives (since it is trying to map the share on the failed PDC) from the
netlogon script, and eventually authentication failing?
Regards
Liby
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:ut99d3iPHHA.1604@xxxxxxxxxxxxxxxxxxxxxxx
In 2000/2003 there is no longer the distinction of pdc/bdc, only a
fsmo role of the PDC emulation. You don't need to do much of anything as
long as you have the domain set up to handle inaccessible servers. You
need to make sure that both DC's are GC's (I assume this is a single
domain in your forest) and that both dc's are dns servers for AD (The
simplest for this is AD Integrated dns). Then your clients need to point
to both of the dns servers for dns services. So if a dc is down the
client may attempt to access the downed dc but there will be enough
intelligence to contact the available dc w/o any intervention by anyone.
As long as the other dc comes back online within the tombstone period
(Default is usually 90 days if I recall correctly) you can go on without
doing anything.
"MS" <lmathew@xxxxxxxxxxxxxxxxxx> wrote in message
news:u2GQHsiPHHA.4172@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I have a PDC & BDC. PDC holds all the FSMO roles. How would I make the
users authenticate with BDC if my PDC is brought down (for testing)? Do
I have to transfer / seize all FSMO to BDC? I have PDC as primary DNS
and BDC as secondary DNS configured.
Any thoughts appreciated.
Liby