Sorry forgot to add thank you for the lecture Michael, very clear and concise.

Jon

On Fri, Sep 5, 2008 at 9:25 PM, Jon Harris <[EMAIL PROTECTED]> wrote:

> Nope tried that and it was no cigar or beer. At least for a DC anyway.
> I never tried it on anything else above 2000 either so you may get lucky and
> they fixed it in 2003.
>
> Nice timing Martin! I am about to test a solution and need to isolate a DC
> for a week and may need this information.
>
> Jon
>
> On Fri, Sep 5, 2008 at 8:42 PM, Klint Price - ArizonaITPro <[EMAIL PROTECTED]> wrote:
>
>> Can't you just right-click on the machine in ADUC and select "reset
>> account"?
>>
>> Klint
>>
>> Martin Blackstone wrote:
>>
>> Thanks Michael.
>>
>> *From:* Michael B. Smith [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>]
>> *Sent:* Friday, September 05, 2008 1:54 PM
>> *To:* NT System Admin Issues
>> *Subject:* RE: Domain Offline More than 2 Months
>>
>> <lecture mode on>
>>
>> When a Windows computer joins a domain, it establishes a *secure channel*
>> with the directory service (be it the NT directory or Active Directory).
>> This secure channel is used to pass information, using a specific
>> cryptographic method, between the Windows computer and a domain controller
>> (or between domain controllers in different domains). In Windows NT, the
>> cryptographic method was based on NTLM. In Windows 2000 and above, it is
>> based on Kerberos.
>>
>> By default, and behind the scenes, Windows automatically changes the
>> password it uses to establish this secure channel every 7 – 30 days (another
>> value that has changed over the years). Within that lifetime times 2, a
>> machine is allowed to automatically resync to a new password. Outside of
>> that, the secure channel must be reset.
>>
>> The standard way of resetting a secure channel is to remove the Windows
>> computer from the domain and then rejoin it. However, there are two tools
>> that can do it as well. They are nltest.exe and netdom.exe.
>>
>> </lecture mode off>
>>
>> http://support.microsoft.com/default.aspx/kb/260575/EN-US/ for netdom and
>>
>> http://support.microsoft.com/kb/181171 for nltest.
>>
>> Regards,
>>
>> Michael B. Smith
>> MCITP:SA,EMA/MCSE/Exchange MVP
>> http://TheEssentialExchange.com <http://theessentialexchange.com/>
>>
>> *From:* Martin Blackstone [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>]
>> *Sent:* Friday, September 05, 2008 4:40 PM
>> *To:* NT System Admin Issues
>> *Subject:* RE: Domain Offline More than 2 Months
>>
>> Thanks Michael,
>>
>> Can you elaborate a bit more on that?
>>
>> *From:* Michael B. Smith [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>]
>> *Sent:* Friday, September 05, 2008 1:33 PM
>> *To:* NT System Admin Issues
>> *Subject:* RE: Domain Offline More than 2 Months
>>
>> Seems to me that if you have a single DC that holds all the FSMO roles,
>> that one should still be able to log in.
>>
>> Then you could reset the secure channels for each computer using nltest or
>> netdom.
>>
>> Regards,
>>
>> Michael B. Smith
>> MCITP:SA,EMA/MCSE/Exchange MVP
>> http://TheEssentialExchange.com <http://theessentialexchange.com/>
>>
>> *From:* Martin Blackstone [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>]
>> *Sent:* Friday, September 05, 2008 4:28 PM
>> *To:* NT System Admin Issues
>> *Subject:* Domain Offline More than 2 Months
>>
>> So we talked about this a while back and today I got a call from someone
>> who has a lab network that has been off at least two months (I swear it's
>> not me!). As you can imagine nothing works now.
>>
>> Before I tell him he is SOL, is there any magic bullet for this?
>>
>> *From:* Michael B. Smith [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>]
>> *Sent:* Tuesday, August 12, 2008 3:45 PM
>> *To:* NT System Admin Issues
>> *Subject:* RE: DC Offline
>>
>> The default tombstone lifetime is 60 days. Unless you changed it (not
>> advisable) it is either that, or higher (don't ask – there was a bug that
>> made it 180 for awhile).
>>
>> Regards,
>>
>> Michael B. Smith
>> MCITP:SA,EMA/MCSE/Exchange MVP
>> http://TheEssentialExchange.com <http://theessentialexchange.com/>
>>
>> *From:* Martin Blackstone [mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]>]
>> *Sent:* Tuesday, August 12, 2008 6:37 PM
>> *To:* NT System Admin Issues
>> *Subject:* DC Offline
>>
>> I know we have discussed this before, but I probably didn't pay attention
>> and now I need to know.
>>
>> How long can a DC remain offline before it goes sour? I have a need to
>> build a small network then ship it off somewhere. It may end up staying in
>> the crate for a few days as well, so let's say it could be off for a week.
>>
>> It would be a standalone domain and this would be the only DC for it.
>>
>> It's demo stuff….
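
The secure channel check and reset discussed in the thread, as an added example that is not part of the original messages: it runs on a domain member from an elevated Windows PowerShell prompt and reports the channel state before and after. The function name `Repair-MemberSecureChannel` is hypothetical; it assumes the built-in `Test-ComputerSecureChannel` cmdlet and `nltest.exe` are available on the machine.

```powershell
# Added example (not from the thread). Run elevated on a domain member,
# logged on with a local account if domain logons are failing.
function Repair-MemberSecureChannel {
    param(
        [Parameter(Mandatory)]
        [pscredential]$Credential   # domain account allowed to reset this computer account
    )

    $cs = Get-CimInstance Win32_ComputerSystem
    $os = Get-CimInstance Win32_OperatingSystem
    if (-not $cs.PartOfDomain) { throw 'This computer is not joined to a domain.' }

    # ProductType 2 = domain controller. A DC's own machine account is reset
    # with "netdom resetpwd", not with the member-side repair below.
    if ($os.ProductType -eq 2) {
        throw 'Domain controller: reset its machine account with netdom resetpwd instead.'
    }

    $result = [ordered]@{
        Computer = $env:COMPUTERNAME
        Domain   = $cs.Domain
        Before   = $false
        Method   = 'none'
        After    = $false
    }

    # $true when the locally stored machine password still matches the domain copy.
    $result.Before = Test-ComputerSecureChannel
    if ($result.Before) {
        $result.After = $true
        return [pscustomobject]$result
    }

    # First attempt: let the cmdlet reset the machine password and channel.
    $result.Method = 'Test-ComputerSecureChannel -Repair'
    if (-not (Test-ComputerSecureChannel -Repair -Credential $Credential)) {
        # Fallback: nltest, one of the two tools named in the thread.
        $result.Method = 'nltest /sc_reset'
        nltest "/sc_reset:$($cs.Domain)" | Out-Null
    }

    # Re-verify so the caller sees whether a remove-and-rejoin is still needed.
    $result.After = Test-ComputerSecureChannel
    [pscustomobject]$result
}

Repair-MemberSecureChannel -Credential (Get-Credential)
```

If `After` is still `False`, the remaining option from the thread is to remove the computer from the domain and rejoin it.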
