Logon interactively with domain account to disconnected DC ?

Archived from groups: microsoft.public.win2000.active_directory (More info?)

General question.


What instances should you be able to logon interactively to a domain
controller while its network cable is unplugged using a domain account
?


The DC is one of 50 in the domain with no FSMO roles. The question has
been brought up as to why you can logon to the console with a domain
account but the DC is not connected to the network so it can't see any
FSMO roles etc. It is a global catalog.


Why should you be able to logon to a DC with a domain account while its
not connected to the network ?


Why shouldn't you be able to ?


Whats the criteria ?
2 answers Last reply
More about logon interactively domain account disconnected
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Joe_SMS wrote:
    > General question.
    >
    >
    > What instances should you be able to logon interactively to a domain
    > controller while its network cable is unplugged using a domain account
    > ?
    >
    >
    > The DC is one of 50 in the domain with no FSMO roles. The question has
    > been brought up as to why you can logon to the console with a domain
    > account but the DC is not connected to the network so it can't see any
    > FSMO roles etc. It is a global catalog.

    First of all FSMO roles holders are not used in logon process, PDC
    emulator can be conntacted in some cases to get new ADM files etc.

    >
    > Why should you be able to logon to a DC with a domain account while its
    > not connected to the network ?
    Becouse as long as it is operational DC even without contacting any
    other DC it can authenticate You when You are logging on to this DC
    locally. This is the role of the DC and DC can act for authentication
    process on its own.


    > Why shouldn't you be able to ?
    > Whats the criteria ?

    Sorry, I'm not getting a point of this questions. If DC is working even
    without connecting to any other DC it can authenticate domain user.
    That's all.

    --
    Tomasz Onyszko
    http://www.w2k.pl
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "" wrote:
    > General question.
    >
    >
    > What instances should you be able to logon interactively to a
    > domain
    > controller while its network cable is unplugged using a domain
    > account
    > ?
    >
    >
    > The DC is one of 50 in the domain with no FSMO roles. The
    > question has
    > been brought up as to why you can logon to the console with a
    > domain
    > account but the DC is not connected to the network so it can't
    > see any
    > FSMO roles etc. It is a global catalog.
    >
    >
    > Why should you be able to logon to a DC with a domain account
    > while its
    > not connected to the network ?
    >
    >
    > Why shouldn't you be able to ?
    >
    >
    > Whats the criteria ?

    by default only local administrators can interactively logon to a DC
    (to the console) even if it is not a GC.

    Think about the following...
    Is a fsmo needed for logon?
    PDC -> no (may be to check if a password is really not correct)
    RID -> no, only assigns rid blocks to dcs
    infra -> no, only updates references
    domain naming -> no, for domain creation purposes
    schema -> no, for schema update purposes

    google for FSMO to see what the specific tasks are for each FSMO

    --
    Posted using the http://www.windowsforumz.com interface, at author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.windowsforumz.com/Active-Directory-Logon-interly-domain-account-disconnected-DC-ftopict403739.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1337579
Ask a new question

Read More

Domain Connection Active Directory Windows