Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problems using local GC when VPN is down

Status
Not open for further replies.
pogi05

pogi05

IS-IT--Management
Jul 12, 2006
71
US
We have two sites with two domains, DomainA and DomainB (both windows 2000 &2003), which reside in the same forest. DomainA is the corporate site with the forest root domain which has a glogal catalog server.

In our site, we have trouble with users from DomainB logging into new computer that doesn't have their cached credentials, and when the VPN tunnel between our sites is down. BUT, we have a GC here in our remote site as well. Shouldn't their computers be able to contact the local GC?

It seems like they aren't being routed to use the local GC, when the remote GC in DomainA is unavailable. Does it have anything to do with the fact that the GC's at their location are in Domain A??

Thanks so much
Chris Cater
 
Sort by date Sort by votes
If they don't have an account in Domain A, then they can't log on using the Domain A's GC. They have to be able to contact a GC within their domain.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
Upvote 0 Downvote
Ok. Thanks Dave. So there must be a GC in the user's domain, in order for authentication to happen. But would it really be necessary to place a GC for the other domain in our site? Then we would have a GC in each domain, at our site...

Thanks,

Chris
 
Upvote 0 Downvote
In order for a user to logon locally they'd have to be in a universal group in order for the local GC to have their credentials...it gets a bit confusing.

Here's a good link to read about it:
I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
Upvote 0 Downvote
Thanks for the link Dave. I'm digging through it now. However, looking at the Active Directory domain for users who were having trouble logging into a computer in a diff domain for the 1st time, all the users were part of universal groups....

which supposedly is replicated to the GC's in both sites, and thus they should be able to log in on all sites.

I will post if I find anything else.

Thanks,

Chris
 
Upvote 0 Downvote
Dave,

When the the user attempts to log on, does his computer send his user ID to the nearest Domain Controller, or to a domain controller in the users's domain. I understand that next, the Global Catalog Server is contacted to provide the Universal Group list; but which server is the intermediary DC, the user's or the computer's?

Thanks,

Chris
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
122
hairlessupportmonkey
hairlessupportmonkey
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
373
gbaughma
gbaughma
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
424
mangentle
mangentle
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
385
gbaughma
gbaughma
juniper911
  • Locked
  • Question
Smartcard PIN Cache - is it configurable?
Replies
0
Views
90
juniper911
juniper911

Part and Inventory Search

Sponsor

Back
Top