Solved

Fallback to NTLM in case of domain controller disconnection

Posted on 2011-03-01
1
515 Views
Last Modified: 2012-05-11
Hi experts,
1.      Is it correct that the entire file share mechanism in windows server 2003 environment is working with NTLM, meaning that if the domain controller will be dropped; I will still have share capabilities?

2.      Regardless to that, is that correct that if I will lose connection to the domain controller (in server 2003 environment) all the components will fall back to NTLM mechanism and in potential all the basic services should work (printing,IIS,sharing..)?
Thanks in advance,
0
Comment
Question by:WAS_Infra
1 Comment
 
LVL 10

Accepted Solution

by:
rscottvan earned 500 total points
ID: 35008449
NTLM is an authentication type, but has no bearing on your question.  NTLM or Kerberos can be used to authenticate with a Domain Controller, or a Member Server, or a Standalone Server, or a workstation.  Kerberos is a more secure mechanism.

If a system cannot connect to a Domain Controller to authenticate users, it will still authenticate them if they have previously logged on to that system.  This is because the local Security Account Management database will cache the credentials of anyone who has previously logged on, and will authenticate the user against those cached credentials if a DC cannot be reached.  (This is default behavior, it can be disabled if desired.)

So, if a user has never accessed a server resource (like a share) and tries to access it for the first time when a DC is not available, they will not be able to authenticate to use the resource.  However, if they have previously accessed any resource on that server, the server will grant access so long as the user is using the same credentials as the last time they accessed the resource.

Read more about it here:
http://support.microsoft.com/kb/913485
0

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now