Hello,
Thanks for clarifying the problem.
Logically, the DCs (although they are in separate physical locations) are
in a LAN if we put them in one site. Therefore, the clients should be able
to logon to the domain by authenticating with the available domain
controller, in case the connection is down.
Just consider the following:
1. Ensure that the name resolution works well. Therefore, please install
DNS in each location, and make every client use the local DNS.
2. Make both DCs to be GCs.
Then I think that user authentication should work even if the network
between the two locations is not available.
Thanks!
Regards,
Joe Wu
Product Support Services
Microsoft Corporation
Get Secure! -
www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
|From: "Allison" <
[email protected]>
|References: <u##
[email protected]>
<O#
[email protected]>
<#
[email protected]>
<
[email protected]>
|Subject: Re: Site Replication
|Date: Mon, 24 Nov 2003 10:03:03 -0600
|Lines: 186
|X-Priority: 3
|X-MSMail-Priority: Normal
|X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|Message-ID: <
[email protected]>
|Newsgroups: microsoft.public.win2000.active_directory
|NNTP-Posting-Host: 216.166.25.12
|Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!cpmsftngxa09.phx.gbl!TK2MSFTNGP08.
phx.gbl!TK2MSFTNGP12.phx.gbl
|Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:56941
|X-Tomcat-NG: microsoft.public.win2000.active_directory
|
|I probably didn't word it right. I still have my DCs at 2 seperate
physical
|locations (connected by a 12mb connection), and if I put both DCs in one
|site within ADSS, my users still should be able to logon to the domain
|correct? Or do need to keep seperate sites within ADSS? All of my remote
|offices have the ability to get to both physical locations in case one of
|their links goes down. I'm just wondering if they can still logon to the
|domain if I put all of my DCs in one site in ADSS rather than having two
|seperate sites.
|
|Thanks
|
|
||> Hello,
|>
|> Yes, your understandings are correct.
|>
|> When the domain controllers are not available, the users are still able
to
|> log on to the client machines using cached logon information.
|>
|> Please note that in this mode, since the domain controllers are
|unavailable
|> to validate the accounts, end users cannot access network resources that
|> require domain validation. However, they can access network resources
that
|> do not require domain validation.
|>
|> For more information regarding Cached Logon, please refer to:
|>
|> 172931 Cached Logon Information
|>
http://support.microsoft.com/?id=172931
|>
|> Please let me know if anything is unclear. Thanks!
|>
|> Regards,
|> Joe Wu
|> Product Support Services
|> Microsoft Corporation
|>
|> Get Secure! -
www.microsoft.com/security
|>
|> ====================================================
|> When responding to posts, please "Reply to Group" via your newsreader so
|> that others may learn and benefit from your issue.
|> ====================================================
|> This posting is provided "AS IS" with no warranties, and confers no
|rights.
|>
|> --------------------
|> |From: "Allison" <
[email protected]>
|> |References: <u##
[email protected]>
|> <O#
[email protected]>
|> |Subject: Re: Site Replication
|> |Date: Thu, 20 Nov 2003 09:24:53 -0600
|> |Lines: 97
|> |X-Priority: 3
|> |X-MSMail-Priority: Normal
|> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |Message-ID: <#
[email protected]>
|> |Newsgroups: microsoft.public.win2000.active_directory
|> |NNTP-Posting-Host: 216.166.25.12
|> |Path:
|>
|cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
8
|> phx.gbl!TK2MSFTNGP09.phx.gbl
|> |Xref: cpmsftngxa07.phx.gbl
|microsoft.public.win2000.active_directory:56539
|> |X-Tomcat-NG: microsoft.public.win2000.active_directory
|> |
|> |Thanks Joe,
|> |
|> |My 12 mb connection is stable and I do not have a GPO for the site.
|> Suppose
|> |I do put my DCs into one site within ADSS, what would happen if the
|> |connection between both locations was to fail for a few minutes? Would
|> |users still be able to login? Would I have any AD problems during and
|> after
|> |the connections were to fail and come back online? From what I read,
|> |everything should be ok. But I want to make sure.
|> |
|> |
|> ||> |> Hello,
|> |>
|> |> Thank you for your post.
|> |>
|> |> Yes, the 12MB connection can make the whole network works like within
a
|> |> LAN. You can put the three DC in one site, if the following are true:
|> |>
|> |> 1. The connection is always stable.
|> |> 2. You do not need to make a group policy on the site level.
|> |>
|> |> Therefore, the management of the network will be easier and
replication
|> is
|> |> more frequent. In the meantime, I hope the following reference is
|> helpful:
|> |>
|> |> 318480 HOW TO: Create and Configure an Active Directory Site in
Windows
|> |2000
|> |>
http://support.microsoft.com/?id=318480
|> |>
|> |> Sites
|> |>
|>
||
http://www.microsoft.com/windows2000/en/server/help/sag_ADsite_concept_1.h
t
|> m
|> |>
|> |> Managing Sites
|> |>
|>
||
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtec
h
|> n
|> |> ol/ad/windows2000/maintain/opsguide/part1/adogd06.asp
|> |>
|> |> 244368 How to Optimize Active Directory Replication in a Large Network
|> |>
http://support.microsoft.com/?id=244368
|> |>
|> |> 306602 How to Optimize the Location of a Domain Controller or Global
|> |Catalog
|> |>
http://support.microsoft.com/?id=306602
|> |>
|> |> Please feel free to let me know if anything is unclear or if you have
|any
|> |> further questions. Thank you for using our news groups!
|> |>
|> |> Regards,
|> |> Joe Wu
|> |> Product Support Services
|> |> Microsoft Corporation
|> |>
|> |> Get Secure! -
www.microsoft.com/security
|> |>
|> |> ====================================================
|> |> When responding to posts, please "Reply to Group" via your newsreader
|so
|> |> that others may learn and benefit from your issue.
|> |> ====================================================
|> |> This posting is provided "AS IS" with no warranties, and confers no
|> |rights.
|> |>
|> |> --------------------
|> |> |From: "Allison" <
[email protected]>
|> |> |Subject: Site Replication
|> |> |Date: Wed, 19 Nov 2003 16:40:55 -0600
|> |> |Lines: 9
|> |> |X-Priority: 3
|> |> |X-MSMail-Priority: Normal
|> |> |X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
|> |> |X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
|> |> |Message-ID: <u##
[email protected]>
|> |> |Newsgroups: microsoft.public.win2000.active_directory
|> |> |NNTP-Posting-Host: 216.166.25.12
|> |> |Path:
|> |>
|>
||cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP
0
|> 8
|> |> phx.gbl!TK2MSFTNGP11.phx.gbl
|> |> |Xref: cpmsftngxa07.phx.gbl
|> |microsoft.public.win2000.active_directory:56475
|> |> |X-Tomcat-NG: microsoft.public.win2000.active_directory
|> |> |
|> |> |I have 2 sites set up within Active Directory. Each site is
connected
|> by
|> |a
|> |> |12mb connection and the utilization on this connection is very
|minimal.
|> |> |Would it be ok to to put my Domain Controllers (3 total) in one site
|> |within
|> |> |AD Sites and Services since I have a pretty fast connection between
|both
|> |> |locations?
|> |> |
|> |> |thanks
|> |> |
|> |> |
|> |> |
|> |>
|> |
|> |
|> |
|>
|
|
|
