
Problems using local GC when VPN is down

Status
Not open for further replies.

pogi05

IS-IT--Management
Jul 12, 2006
71
US
We have two sites with two domains, DomainA and DomainB (both Windows 2000 & 2003), which reside in the same forest. DomainA is the corporate site with the forest root domain, which has a global catalog server.

In our site, we have trouble with users from DomainB logging into a new computer that doesn't have their cached credentials, and when the VPN tunnel between our sites is down. BUT, we have a GC here in our remote site as well. Shouldn't their computers be able to contact the local GC?

It seems like they aren't being routed to use the local GC, when the remote GC in DomainA is unavailable. Does it have anything to do with the fact that the GC's at their location are in Domain A??

Thanks so much
Chris Cater
 
If they don't have an account in Domain A, then they can't log on using the Domain A's GC. They have to be able to contact a GC within their domain.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
Ok. Thanks Dave. So there must be a GC in the user's domain, in order for authentication to happen. But would it really be necessary to place a GC for the other domain in our site? Then we would have a GC in each domain, at our site...

Thanks,

Chris
 
In order for a user to logon locally they'd have to be in a universal group in order for the local GC to have their credentials...it gets a bit confusing.

Here's a good link to read about it:
I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
Thanks for the link Dave. I'm digging through it now. However, looking at the Active Directory domain for users who were having trouble logging into a computer in a diff domain for the 1st time, all the users were part of universal groups....

which supposedly is replicated to the GC's in both sites, and thus they should be able to log in on all sites.

I will post if I find anything else.

Thanks,

Chris
 
Dave,

When the user attempts to log on, does his computer send his user ID to the nearest Domain Controller, or to a domain controller in the user's domain? I understand that next, the Global Catalog Server is contacted to provide the Universal Group list; but which server is the intermediary DC, the user's or the computer's?

Thanks,

Chris
 