Forcing authentication with a specific DC
From: Hindy (h_at_1.com)
Date: 07/01/03
Date: Tue, 1 Jul 2003 07:31:07 -0700
I don't think you need to worry about the DCs at site
not having an up to date password. I take it your PDC
emulator DC is at the main site?
Read this, and see if it resolves your problem:
"In Windows 2000, when a user password is changed at a
specific domain controller, that domain controller
attempts to update the respective replica at the domain
controller that holds the PDC emulator role. Update of
the PDC emulator occurs immediately, without respect to
schedules between sites on site links. The updated
password is propagated to other domain controllers by
normal replication within a site. When the user logs on
to a domain and is authenticated by a domain controller
that does not have the updated password, the domain
controller refers to the PDC emulator to check the
credentials of the user name and password rather than
denying authentication based on a nonvalid password.
Therefore, the user can log on successfully even when the
authenticating domain controller has not yet received the
updated password."
from:
ms-help://MS.TechNet.2003JUN.1033/win2ksrv/tnoffline/prodtechnol/win2ksrv/reskit/distsys/part1/dsgch06.htm
>-----Original Message-----
>Hi,
>
>I have 5 remote sites, and my main site here. Each remote
>site has a DC that users at that site authenticate to when
>they log onto the domain.
>
>Due to a password policy change, I need to force all my
>users to change their password, a site at a time, at the
>next logon. However, I don't want them authenticating with
>their local DC, I want them to authenticate at the main
>site, due to replication latency, Citrix servers and a
>firewall that uses account credentials from the main site
>here.
>
>If I disable the netlogon service, on their local DCs, I
>am assuming their authentication request will go
>elsewhere. In the past, I have noticed that when a certain
>site's server is down, users authenticate with whichever
>DC nabs their request first.
>
>I don't want this happening. I want to ensure that they do
>not authenticate with their local DC AND they *do* auth
>with my DC here.
>
>Is this possible?
>
>If it is, how do I accomplish this?
>
>Thanks,
>Sharyn
>
>.
>
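To observe the replication behaviour the quoted TechNet passage describes, the following added example (not part of the original messages) compares one account's pwdLastSet on every domain controller against the copy held by the PDC emulator. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function name and the account name `jdoe` are placeholders.

```powershell
# Added example: shows which DCs have not yet received a password change
# (or a "must change at next logon" flag) that the PDC emulator already holds.
# Assumption: ActiveDirectory module available; run with read access to the domain.
Import-Module ActiveDirectory

function Get-PasswordReplicationState {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName   # placeholder account, e.g. 'jdoe'
    )

    # The PDC emulator is updated immediately on a password change, so use it as reference.
    $pdc = (Get-ADDomain).PDCEmulator
    $ref = Get-ADUser -Identity $SamAccountName -Server $pdc -Properties pwdLastSet
    # pwdLastSet = 0 means "user must change password at next logon" (shown as 1601-01-01).
    $refTime = [DateTime]::FromFileTimeUtc($ref.pwdLastSet)

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                            -Properties pwdLastSet -ErrorAction Stop
            $t = [DateTime]::FromFileTimeUtc($u.pwdLastSet)
            [pscustomobject]@{
                DomainController = $dc.HostName
                Site             = $dc.Site
                IsPdcEmulator    = ($dc.HostName -eq $pdc)
                PwdLastSetUtc    = $t
                InSyncWithPdc    = ($t -eq $refTime)
            }
        }
        catch {
            # A DC that cannot be reached is reported rather than silently skipped.
            [pscustomobject]@{
                DomainController = $dc.HostName
                Site             = $dc.Site
                IsPdcEmulator    = ($dc.HostName -eq $pdc)
                PwdLastSetUtc    = $null
                InSyncWithPdc    = $false
            }
        }
    }
}

# Example call with a placeholder account name:
Get-PasswordReplicationState -SamAccountName 'jdoe' |
    Sort-Object Site, DomainController |
    Format-Table -AutoSize
```

Rows with InSyncWithPdc set to False are the DCs that would, per the quoted passage, refer a failed password check to the PDC emulator until replication catches up.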