Active Directory Authentication

[Password]

Hello everyone,
I have encountered a problem while designing an Active Directory
Topology. My company has offices in different cities and personel that
travels around those offices. Each office has its own subdomain
(city1.example.com, city2.example.com, etc) which leads to users having to
log in to different domains as they travel around. There is no problem using
(e-mail address removed) to login to another domain but what happens if DC in
city1.example.com is down or the link is not active at the moment ? Will the
users be able to log in ? Is there a way to make the whole plan redundant so
that users can log in to different domains even if their home domain cannot
be contacted ?

Thank you in advance

Password

 

[Richard Moreno]

Hi-

For user ease of use, I recommend considering using your forest root for
their UPN logons. ([email protected]) unless you have duplicate names across
the domains. Assuming your running a minimum of 2 DCs per domain you have
redundancy. In the event of the site link going down and you have no DCs for
that particular domain outside the physical site, users can't login. (they
could login cached by unplugging LAN cable). If you're using a W2K3 AD
environment, then you could use GC caching at your sites and users could
logon when the site link or DCs are down.

--
Thanks,
Richard Moreno
MCSE NT4\2000, MCSA 2000

*This posting is provided "AS IS" with no warranties, and confers no
rights.

 

[Password]

We are currently using Windows 2003 Active Directory in native mode, so I
can use the GC caching that you proposed. What happens with replication
though ? I will be having about 5000 users that must be replicated to each
domain site. The links between the sites are 1Mbit leased lines.

Thank you for the tips

Password