|
|
|
| You want to add a child omain to your Win2k network. You install Win2k server and promote to be a DC, convert the domain to native mode and create accounts for users and computers within that domain.
No one can login. What is the problem?
1 The user's PCs are not configured to automatically register with WINs
2 No PDC emulator is available
3 The user's PCs are not configured to automatically register with DNS
4 No global catalog server is available | |
| Slinky 2002-11-10, 10:02 pm |
| Sounds like 4. A GC is required for login in native mode, but domain admins can login without one. | |
|
| quote:
Originally posted by Slinky
Sounds like 4. A GC is required for login in native mode, but domain admins can login without one.
nice explanation.
just what i need.
on a mixed mode global catalog is not required for login?????? | |
| Lucidity 2002-11-11, 7:27 am |
| A GC contains Universal groups. Universal groups are only possible in Native Mode.
If your domain is in native mode, users cannot log on if a GC cannot be querried to verify Universal group membership. | |
| dwatts 2002-11-11, 8:13 am |
| Actually, you can get around the need for a GC in Windows 2000. It basically screws up Universal Groups - but you can get around it.
Add the following reg key:
IgnoreGCFailures
To the following portion of the registry:
HKEY_LOCAL_MACHINE\System\Curr
entControlSet\Control\Lsa
It's a "requirement", but not an absolute one. If that makes any sense  | |
| Riverwind6 2002-11-13, 4:39 pm |
| So in a native mode environment, even if a user is not part of a universal group, there still needs to be a GC in the domain for that user to log on? And if it was a mixed mode, that requirement would not be there?
(that is excluding the registry entry dwatts pointed out) | |
| jeff_j_black 2002-11-14, 8:27 am |
| But in mixed mode you would fall back to authenticating with the PDC Emulator. |
|
|
|