Solved

Fallback to NTLM in case of domain controller disconnection

Posted on 2011-03-01
1
518 Views
Last Modified: 2012-05-11
Hi experts,
1.      Is it correct that the entire file share mechanism in windows server 2003 environment is working with NTLM, meaning that if the domain controller will be dropped; I will still have share capabilities?

2.      Regardless to that, is that correct that if I will lose connection to the domain controller (in server 2003 environment) all the components will fall back to NTLM mechanism and in potential all the basic services should work (printing,IIS,sharing..)?
Thanks in advance,
0
Comment
Question by:WAS_Infra
1 Comment
 
LVL 10

Accepted Solution

by:
rscottvan earned 500 total points
ID: 35008449
NTLM is an authentication type, but has no bearing on your question.  NTLM or Kerberos can be used to authenticate with a Domain Controller, or a Member Server, or a Standalone Server, or a workstation.  Kerberos is a more secure mechanism.

If a system cannot connect to a Domain Controller to authenticate users, it will still authenticate them if they have previously logged on to that system.  This is because the local Security Account Management database will cache the credentials of anyone who has previously logged on, and will authenticate the user against those cached credentials if a DC cannot be reached.  (This is default behavior, it can be disabled if desired.)

So, if a user has never accessed a server resource (like a share) and tries to access it for the first time when a DC is not available, they will not be able to authenticate to use the resource.  However, if they have previously accessed any resource on that server, the server will grant access so long as the user is using the same credentials as the last time they accessed the resource.

Read more about it here:
http://support.microsoft.com/kb/913485
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now