| Author |
Another nice question? ;-)
|
|
| CyberDude 2002-10-29, 12:19 am |
| You have multiple DCs set up as recommended by M$. One day a user asks the Admin that he wants a new password. The Admin says ok, your old one is Bob right? So your new one is Bill. Replication between DCs is set to 10 mins. The Admin changes the user's password on a DC (which is not an OM). Three mins later, that DC goes down.
Q. When the user goes to login, can he use his new password, and why or why not?
I will provide the answer Thursday evening, have fun... | |
| quyda 2002-10-29, 12:56 am |
| New password, I guess, as DC replicate critical changes immediately! | |
| Slinky 2002-10-29, 8:16 am |
| I was messing around with this before, and I found out that the PDC was notified immediately of a password change. | |
| Pavlov 2002-10-29, 8:23 am |
| I would agree with the previous thoughts. Critical changes should be replicated immediately and a password change should be considered critical. | |
| CyberDude 2002-10-31, 12:12 am |
| Everyone's correct. The user can login using the new password, because even though AD replication is set to 10 mins, critical changes (like passwords) are sent to the PDC Emulator straight away.
The user will login, the DC will look at his current password and say that they conflict. The DC will then contact the PDC Emulator and ask it if there is a user with these details using this password. The PDC Emulator will confirm the password change to the DC, which will then allow the user to gain access to AD.  | |
| Riverwind6 2002-10-31, 10:05 pm |
| So what if the PDC emulator went down?
Then one domain controller knows of the new password (because it was changed on that one) and the other DCs don't know about it. So in 10 minutes everyone will know? | |
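
A toy model of the behaviour described in CyberDude's answer and of Riverwind6's follow-up, added here as an example and not posted by anyone in the thread. The class names, the DC names `DC1`/`DC2`/`PDC`, and the assumption that the push to the PDC emulator is best-effort (skipped when it is unreachable) belong to the model, which goes beyond the case answered above.

```python
# Added illustration: urgent password forwarding to the PDC emulator.
# DC names and the best-effort push are assumptions of this model.
class DC:
    def __init__(self, name):
        self.name, self.up = name, True
        self.pw = {}                          # user -> (version, password)

class Domain:
    def __init__(self, dc_names, pdc_name):
        self.dcs = {n: DC(n) for n in dc_names}
        self.pdc = self.dcs[pdc_name]         # holder of the PDC emulator role

    def seed(self, user, password):
        for dc in self.dcs.values():
            dc.pw[user] = (1, password)

    def change_password(self, dc_name, user, new):
        dc = self.dcs[dc_name]
        version = dc.pw[user][0] + 1
        dc.pw[user] = (version, new)
        if self.pdc.up:                       # immediate push, outside the schedule
            self.pdc.pw[user] = (version, new)

    def replicate(self):
        """Scheduled replication: running DCs converge on the newest version."""
        live = [d for d in self.dcs.values() if d.up]
        for user in {u for d in live for u in d.pw}:
            newest = max((d.pw[user] for d in live), key=lambda v: v[0])
            for d in live:
                d.pw[user] = newest

    def logon(self, dc_name, user, password):
        dc = self.dcs[dc_name]
        if dc.pw[user][1] == password:
            return True
        # Local mismatch: ask the PDC emulator before rejecting the logon.
        if self.pdc.up and self.pdc is not dc:
            return self.pdc.pw[user][1] == password
        return False

def scenario(pdc_up):
    dom = Domain(["DC1", "DC2", "PDC"], "PDC")
    dom.seed("user", "Bob")
    dom.pdc.up = pdc_up
    dom.change_password("DC1", "user", "Bill")
    dom.dcs["DC1"].up = False                 # DC1 fails before replication runs
    before = dom.logon("DC2", "user", "Bill")
    dom.replicate()                           # the 10-minute cycle, DC1 still down
    after = dom.logon("DC2", "user", "Bill")
    dom.dcs["DC1"].up = True                  # DC1 returns and replicates
    dom.replicate()
    return before, after, dom.logon("DC2", "user", "Bill")
```

In this model, `scenario(False)` shows the new password stranded on the failed DC: the 10-minute cycle does not help until that DC is back online.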
| Sexy Lexy 2002-11-01, 5:47 am |
| I can't quite remember how this one came about but it may come in useful if you ever encounter the problem.
After I logged I decided to change my password on the domain controller and thought nothing of it. However, later on, when I tried to access any servers or network shares I was presented with an authentication error message with access denied.
I always thought that the ACL was compared to the SID that was generated for your account at log on but changing the password when you are still logged on with the old password causes headaches.
Simply resolved by you logging out and back in again!
Great question cyberdude, account being disabled and password changes are automatically replicated in the directory as they are critical changes.
Sounds like you are learning a lot about AD in your new position, has this anything to do with your boss by chance??
 | |
| CyberDude 2002-11-06, 1:41 pm |
| Yes Sexy, this has everything to do with my boss. I get grilled at least once a week on AD, and get humbled every time.  | |
| Sexy Lexy 2002-11-06, 1:49 pm |
| Just think of everything you will know regarding Active Directory. And one day, you will catch him out I guarantee it.
 |