Loggin to Domain
Hi All
we are shifted our some office users to another location and now they are all login in to same domain which we setup in Head Office. i have to ensure that they are able to use the same domain for logging for another 3 months. is it possible they can loggin
the same domain for another 3 months with out having physical connectivity with domain controller. pls advice if anyone knows the solution
thanks in advance.
March 2nd, 2011 3:31am
Without having physical connectivity with domain controller, your users will be unable to access your domain controller to logon. You can add additional domain controllers in the new offices so that your connectivity is down the additional domain controllers
will be used for users logon.
Remak: Your new additional domain controllers should be able to communicate with your Head office domain controllers for AD replication.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Free Windows Admin Tool Kit Click here and download it now
March 2nd, 2011 4:03am
No its not at all possible 3 months that too without physical connectivity but for certain extent i would say yes as well depends how many time user logons to the machine conditions apply. You might be thinking how yes its possible through
domain cached credentials
http://portal.sivarajan.com/2010/11/cached-domain-credentials-and-registry.html
http://4sysops.com/archives/cached-domain-logon/
Another way out out is make and additional domain controller on the Head Office and detach it from there bring it to the new office and seize the role tis was it can easily serve you prupose
After detaching it from the Head office do a metadata cleanup at the Head office and never put the both DC's on the same network again
http://www.virmansec.com/blogs/skhairuddin
March 2nd, 2011 6:30am
No its not at all possible 3 months that too without physical connectivity but for certain extent i would say yes as well depends how many time user logons to the machine conditions apply. You might be thinking how yes its possible through
domain cached credentials
http://portal.sivarajan.com/2010/11/cached-domain-credentials-and-registry.html
http://4sysops.com/archives/cached-domain-logon/
http://www.virmansec.com/blogs/skhairuddin
Free Windows Admin Tool Kit Click here and download it now
March 2nd, 2011 6:30am
Hello Rejesh,
I do not understand the point of keeping users out of domain for 3 months, long downtime from the resources usage. If your shifting your office, users should not feel the change.
Many enterprise network they will disable the cached domain logons.
Thanks
March 2nd, 2011 9:08am
Hi Rajesh
If the objective is to have the users logon to their machines for the next three months without the presence of a domain controlller but using their cached domain username and password.. then yes it is possible :)
cached logon credentials do not expire!
If you did not make any changes to the registry cachedLogonsCount then you should be okay default is 10 i think so that means caching is enabled and so your users can be away from the Domain for a long time (even longer than 3 months) but they will
still be able to log on to their machines using their domain username and password and also domain name in the logon prompt.
But they may not have access to certain resources and will not be able to change their passwords and all. What is going to happen after 3 months?? are these users going to go back to the old office?? If they are now going to be permanently based in this
new office then i dont advise having them use cached credentials untill eternity you can try out the solution proposed by Mr. X about additional DC's :)
tech-nique
Free Windows Admin Tool Kit Click here and download it now
March 2nd, 2011 9:58am