Brahim, The DC in the parent domain doesn't store a copy of the subordinate domain users' credentials, so it cannot authenticate them. The fault tolerance comes from having more than one DC *in the same domain*. So if you had two DCs in the root, and two DCs in the subordinate domain, you could (ignoring netowkring issues) survive a loss of one DC in either or both domains.
-gil -----Original Message----- From: Brahim Bouchaiba [mailto:[EMAIL PROTECTED]] Sent: Friday, February 14, 2003 7:41 AM To: [EMAIL PROTECTED] Subject: Re: RE: [ActiveDir] Issue with loging Sorry ,but I'm still confused .There is an automatic trust between the parent DC and the child DC .So if the child went down and the parent DC is up ,users from the child DC should be able to logon to the parent ???otherwise where is the fault tolerance. [EMAIL PROTECTED] writes: >That's a misunderstanding - the parent domain's DCs (or DC in any other >domain) will only know parts of the attributes of the other domains in >a forest. These are stored in the Global Catalog (stores a "partial >attribute set"). This is good to query for data in AD, but not for >logon. The PW of a >user and other things (like Domain Local Group memberships) are only >stored >on the DC of the domain a user belongs to - thus at least one DC of the >domain where you want to logon needs to be available. > >/Guido > >-----Original Message----- >From: Brahim Bouchaiba [mailto:[EMAIL PROTECTED]] >Sent: Montag, 10. Februar 2003 20:55 >To: [EMAIL PROTECTED] >Subject: [ActiveDir] Issue with loging > > >Hello >We thinking about migrating to the active directory ,So I set up lab >test for it.I have one issue so far .I have one parent domain and it's >child .To test the fault tolerance i brought the child domain down >.Then I tried to login to the parent domain with one of the user name >from the child domain.So far i can't .According to microsoft the parent >domain should know >about all the users and their credentials on it's child domain.But it's >not >working fro me.Any help will be great .thanks Brahim Bouchaiba Network administrator Information technology 617-7359720 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
