No problems! I will never be the first to cast the stones - living in a glass house tends to educate one!
And, this is all a learning process. For the first time in probably 4 years, I had to create a trust to a Windows NT domain from our Windows 2000. Guess what? I got an education in the fact that LMHOSTS *DOES* still matter! :-)

Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000

"Any sufficiently advanced technology
is indistinguishable from magic."
--- Arthur C. Clarke

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Al Lilianstrom
> Sent: Friday, May 31, 2002 8:56 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [ActiveDir] 2 AD DCs but only one accepting authentication
>
> I stand corrected. We've been in native mode from day 1 so I tend to forget that some of the things we can't work without don't apply to mixed mode.
>
> al
>
> Rick Kingslan wrote:
> >
> > Note the bottom paragraph of the Q article -
> >
> > "In a Mixed-mode domain, universal groups cannot be created. If a Windows 2000-based computer is located in a down-level or Mixed-mode domain, different behavior occurs. Other domains may be in Native mode and universal groups may have been created that contain the user as a member. The domain controller authenticating the logon request will add the SIDs of the global groups of which the user is a member to the user's token and the local computer adds SIDs for groups of which the user is a member on the local computer as appropriate. When an attempt to use resources in another domain occurs, the computer hosting the resource contacts a domain controller for that domain, which adds the SIDs of the groups local to that domain (which may include universal groups) of which the user is a member to the user's token. "
> >
> > EN states he's in mixed-mode.
> > GC's are of minimal use in a mixed-mode environment - and clearly play no part in Group SIDs as the LSA handles that for Global and LD groups. The GC only cares when we're dealing with Universals.
> >
> > Tested this two years ago to prove it out to a customer. They are mandatory for Exchange 2000. Not, however, for mixed mode logon. GC's are nice to have, especially if you want to use UPNs for logon.
> >
> > In fact, if EN is using UPN's, the user will be denied.
> >
> > Rick Kingslan - Microsoft MVP [Windows NT/2000]
> > Microsoft Certified Trainer
> > MCSA, MCSE+I - Windows NT / 2000
> >
> > "Any sufficiently advanced technology
> > is indistinguishable from magic."
> > --- Arthur C. Clarke
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]] On Behalf Of Al Lilianstrom
> > > Sent: Friday, May 31, 2002 8:35 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [ActiveDir] 2 AD DCs but only one accepting authentication
> > >
> > > You can't logon without a GC. So when DC1 goes away so will your ability to logon. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q216970 for more.
> > >
> > > al
> > >
> > > EN wrote:
> > >
> > > I have 2 AD DCs, and when the first created DC of the domain fails, the 2nd DC doesn't accept logons. I'm running mixed mode; the GC only being on the first DC shouldn't matter, right? Has anyone else encountered this type of problem? When I promoted the 2nd server to a DC, everything went smoothly, sysvol and netlogon shares were created properly.
> > >
> > > Each DC has a DNS server as well, with the 1st DC having an AD Integrated DNS, while the 2nd has a Primary DNS, and yet another stand alone has a secondary dns. All the dns records "seem" right, in that the svr records are showing up in each DNS server.
> > >
> > > Any ideas on what to look for to maybe solve this problem?
> > >
> > > thanks
> > >
> > > Ernesto
> > >
> > > --
> > >
> > > Al Lilianstrom
> > > CD/OSS/CSI
> > > [EMAIL PROTECTED]
> > List info : http://www.activedir.org/mail_list.htm
> > List FAQ : http://www.activedir.org/list_faq.htm
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>
> --
>
> Al Lilianstrom
> CD/OSS/CSI
> [EMAIL PROTECTED]
