Hi,
Can someone explain what the significance of DCacheUpdate in the
Winlogon registry key is? The only info Google turns up is that it
stores the domain name in binary form, and not to touch it. :-P
Here's my problem... My lab systems are in an AD domain, but users
authenticate to a 3rd party kerberos realm. I can set
DefaultDomainName, CachePrimaryDomain, and AltDefaultDomainName to the
mit realm name (which works fine), but here's where the problem starts:
If I log in to the AD domain (lets say with my domain admin account),
and log back out, then all 3 of those change to my AD domain name (which
is fine - I expect it to).
So, if I remotely push out the registry changes again to set those 3
values back to my MIT realm name, then wait a few minutes (or hit
ctrl-alt-delete), then CachePrimaryDomain changes to my AD domain, and
DefaultDomainName changes to the *local computer name*. In addition, I
can see that DCacheUpdate changes its value as well. (I'm remotely
viewing the registry while nobody is logged in to watch these values
change).
Why does it do this, and why does it seem to be linked to me logging in
to the AD domain? If I were to log in to the mit realm, then those
settings stay set to my MIT realm (with the exception of
CachePrimaryDomain, but I dont think I really care about that one, do I?).
So, does that make sense at all? Is the "last logged in domain" value
stored somewhere else, and DCacheUpdate is rebuilt from that?
Thanks,
- Robbie
--
Robbie Foust, CISSP, A+
OIT - CSI
Duke University
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
