Sign in with
Sign up | Sign in
Your question

Logon interactively with domain account to disconnected DC ?

Last response: in Windows 2000/NT
Share
Anonymous
August 2, 2005 1:49:23 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

General question.


What instances should you be able to logon interactively to a domain
controller while its network cable is unplugged using a domain account
?


The DC is one of 50 in the domain with no FSMO roles. The question has
been brought up as to why you can logon to the console with a domain
account but the DC is not connected to the network so it can't see any
FSMO roles etc. It is a global catalog.


Why should you be able to logon to a DC with a domain account while its
not connected to the network ?


Why shouldn't you be able to ?


Whats the criteria ?
Anonymous
August 3, 2005 4:09:34 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Joe_SMS wrote:
> General question.
>
>
> What instances should you be able to logon interactively to a domain
> controller while its network cable is unplugged using a domain account
> ?
>
>
> The DC is one of 50 in the domain with no FSMO roles. The question has
> been brought up as to why you can logon to the console with a domain
> account but the DC is not connected to the network so it can't see any
> FSMO roles etc. It is a global catalog.

First of all FSMO roles holders are not used in logon process, PDC
emulator can be conntacted in some cases to get new ADM files etc.

>
> Why should you be able to logon to a DC with a domain account while its
> not connected to the network ?
Becouse as long as it is operational DC even without contacting any
other DC it can authenticate You when You are logging on to this DC
locally. This is the role of the DC and DC can act for authentication
process on its own.


> Why shouldn't you be able to ?
> Whats the criteria ?

Sorry, I'm not getting a point of this questions. If DC is working even
without connecting to any other DC it can authenticate domain user.
That's all.

--
Tomasz Onyszko
http://www.w2k.pl
Anonymous
August 5, 2005 4:36:59 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"" wrote:
> General question.
>
>
> What instances should you be able to logon interactively to a
> domain
> controller while its network cable is unplugged using a domain
> account
> ?
>
>
> The DC is one of 50 in the domain with no FSMO roles. The
> question has
> been brought up as to why you can logon to the console with a
> domain
> account but the DC is not connected to the network so it can't
> see any
> FSMO roles etc. It is a global catalog.
>
>
> Why should you be able to logon to a DC with a domain account
> while its
> not connected to the network ?
>
>
> Why shouldn't you be able to ?
>
>
> Whats the criteria ?

by default only local administrators can interactively logon to a DC
(to the console) even if it is not a GC.

Think about the following...
Is a fsmo needed for logon?
PDC -> no (may be to check if a password is really not correct)
RID -> no, only assigns rid blocks to dcs
infra -> no, only updates references
domain naming -> no, for domain creation purposes
schema -> no, for schema update purposes

google for FSMO to see what the specific tasks are for each FSMO

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-Logon-int...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1337579
!