Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Fallback to NTLM in case of domain controller disconnection

Posted on 2011-03-01
1
523 Views
Last Modified: 2012-05-11
Hi experts,
1.      Is it correct that the entire file share mechanism in windows server 2003 environment is working with NTLM, meaning that if the domain controller will be dropped; I will still have share capabilities?

2.      Regardless to that, is that correct that if I will lose connection to the domain controller (in server 2003 environment) all the components will fall back to NTLM mechanism and in potential all the basic services should work (printing,IIS,sharing..)?
Thanks in advance,
0
Comment
Question by:WAS_Infra
1 Comment
 
LVL 10

Accepted Solution

by:
rscottvan earned 500 total points
ID: 35008449
NTLM is an authentication type, but has no bearing on your question.  NTLM or Kerberos can be used to authenticate with a Domain Controller, or a Member Server, or a Standalone Server, or a workstation.  Kerberos is a more secure mechanism.

If a system cannot connect to a Domain Controller to authenticate users, it will still authenticate them if they have previously logged on to that system.  This is because the local Security Account Management database will cache the credentials of anyone who has previously logged on, and will authenticate the user against those cached credentials if a DC cannot be reached.  (This is default behavior, it can be disabled if desired.)

So, if a user has never accessed a server resource (like a share) and tries to access it for the first time when a DC is not available, they will not be able to authenticate to use the resource.  However, if they have previously accessed any resource on that server, the server will grant access so long as the user is using the same credentials as the last time they accessed the resource.

Read more about it here:
http://support.microsoft.com/kb/913485
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question