additional DC authentication

Guest

Dear Support,
will the additional domain controller do the authentication when PDC is up
& running (in win 2k & 2k3). Do we have to do any role transfer for BDC
authentication?
 
The role of a primary and secondary went away when NT went to 2000/2003.
There are a couple of instances that one of the dc's has more responsibility
than the others in a few cases but for the most part they are pretty much
equal.

The dc's that reside amongst one another in a common site should share
authentication and dc's outside of their site will handle authentications for
the most part only in their site. Sites are defined by ip subnets.

The issue with role transfer is the difference in the dc's; this is called
FSMO roles and there are five of them: two which are part of the forest and
three which are common for each domain in the forest.

Schema master - forest role
Domain naming master - forest role
RID master - domain role
PDC emulator - domain role
Infrastructure master - domain role

http://support.microsoft.com/kb/q197132/

Is this what you were looking for?
 
Dear Support,

Yes this was my doubt, but I think that we need to configure DNS on
secondary domain controller also, because by default DNS is not configured in
this. Am I correct? Without any additional configuration will the secondary
DC do the authentication?

with regards,
nirmala
 
You should integrate dns into AD. Next install dns services on your second
dc then have all your clients point to both of these dc's. This way if one of the
dc's (With DNS services) goes off line the other will be available to
provide authentication and dns services.

DNS Primary to AD Integrated
http://support.microsoft.com/default.aspx?scid=kb;en-us;198437



--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com/

This posting is provided "AS IS" with no warranties, and confers no rights.
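
A simplified model of the behaviour described in the replies above, added here as an example and not part of the original thread: clients are mapped to a site by subnet, every online DC in that site can authenticate them, and a client whose only DNS server is down cannot locate any DC. The topology, DC names and the `site_for` / `locate_dcs` functions are constructed for illustration and do not reproduce the real Windows DC locator.

```python
import ipaddress

# Constructed sample topology (assumed for illustration; not from the thread).
SITE_SUBNETS = {
    "10.1.0.0/16": "HQ",
    "10.1.50.0/24": "Branch",  # more specific subnet wins over 10.1.0.0/16
}
# DC name -> (site, runs_dns)
DOMAIN_CONTROLLERS = {
    "dc1": ("HQ", True),
    "dc2": ("HQ", False),  # second DC before DNS is installed on it
    "dc3": ("Branch", True),
}


def site_for(client_ip):
    """Map a client to a site by the most specific matching subnet."""
    ip = ipaddress.ip_address(client_ip)
    matches = [(ipaddress.ip_network(net), site)
               for net, site in SITE_SUBNETS.items()
               if ip in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def locate_dcs(client_ip, dns_servers, offline=(), dcs=DOMAIN_CONTROLLERS):
    """Return the DCs a client can find, preferring DCs in its own site.

    dns_servers: DC names configured as the client's resolvers.
    offline: DC names that are currently down.
    """
    # Locating a DC starts with a DNS lookup, so one working resolver is required.
    if not any(s not in offline and dcs[s][1] for s in dns_servers):
        return []
    online = [name for name in dcs if name not in offline]
    client_site = site_for(client_ip)
    in_site = [n for n in online if dcs[n][0] == client_site]
    # Fall back to any online DC when the client's own site has none available.
    return sorted(in_site or online)
```
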
 
Paul said:
You should integrate dns into AD. Next install dns services on your
second dc then have all your clients point to both of these dc's. This way
if one of the dc's (With DNS services) goes off line the other will
be available to provide authentication and dns services.

DNS Primary to AD Integrated
http://support.microsoft.com/default.aspx?scid=kb;en-us;198437

While it may be a good idea to use AD Integrated DNS servers, it is by
no means essential. It is definitely a good idea to have two DNS
servers, integrated or not, to ensure services are available if one of
the DNS servers is not available.

I would also advise using AD Integrated DNS servers in almost all cases.

Cheers,

Cliff
 