Its my understanding that communication to and from domain controllers will not travel over the same ports everytime.. at least for some types of communication. The only sure way to make it work is to setup IPSec between the servers and open those necessary ports since they will remain the same...
From what you have said it sounds like you are working on a somewhat small domain. I would defintely recommend using the ADMT to get to your new domain name. This can be done over the course of a weekend if done right. as for new hardware, just use a powerful workstation, then after the...
I'm not sure what it is off hand. But there are some account lock out tools available for server 2003 that you can download now for 2000.
http://weblogs.asp.net/Dbright/archive/03132003.aspx
at the bottom there is a link to the tools.
give that a shot...
I understand that I should have a gc at each site for logon purposed, but the thing is... I don't want people to use that dc in that site to be able to logon.
currently this remote site has no dc and they authenticate over the wan. once I create another site, currently we only have one, how...
Thats what I was thinking. What about the global catalog thing. I am pretty sure that a user workstation must contact a GC server in order to logon. You think I should do that as well?
How does the workstation determine which site to choose a Domain Controller to use for authenticaion?
I have a site that is geographically distant from our corporate/ Headquarters location. I want to deploy a domain controller to it but prevent users from authenticating to it. If I don't set it up as a global catalog server will that take care of it or will I need to do more.
I can if necessary...
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.