Solved

dc logon & domain member logon query

Posted on 2014-02-06
Last Modified: 2014-02-15
Hi, could I please get some advice regarding the below:

Question 1.

When I run 'dcpromo' on the master DC, this is the same password I always use to log on to the domain controller obviously, but I always use this same username & password to log on to all the domain controllers, and what I did not realise until recently is that if I save files in My Documents, where I always save stuff on my master DC, I can also log on with the same username & password on my domain member server and still see those same files I saved. What I wanted to know is: should I create a separate username & password to log on to each of the domain member servers so they have their own?

Question 2.

As I log on to each domain member server, which is the same 'username & password' as the domain controller, as I have not created any more, should I create a roaming folder just like I would for normal domain users?
Question by:mikey250
6 Comments
 
LVL 6

Accepted Solution

by:
alexgreen312 earned 167 total points
ID: 39838467
OK, I'm a little bit confused by the post; however, I'll try my best.

So you have a username and password you use to log onto the DCs, should you have a separate username and password for each DC? No, you should not.

Your files in My Documents are available on all servers; this is down to group policy and folder redirection. I wouldn't be too concerned about this.

No, you should not create a roaming profile for server-based accounts. It's not terrible but bad practice, since you can fill up the C:\ quite quickly if you have a large roaming profile; also it'll increase your logon times to servers which you haven't logged onto previously.

Does that answer your question? I'm having a few issues understanding the question :(

Regards

Alex
 
LVL 10

Assisted Solution

by:Prashant Girennavar
Prashant Girennavar earned 167 total points
ID: 39838495
Question 1.

Answer:

Domain controllers don't have the local administrator account, i.e. they have the administrator account centralized, and you can use this single account to log in to all the domain controllers. Keep in mind that the domain administrator account is not local; rather it is a central one and can be used to log in to any domain controllers or member servers.

What I suspect in your case is, you are using this account to log in to the domain controllers and member servers, hence you are able to see My Documents information on all of them, since the account which you are using is not local.

Question 2.

I think the first question's answer will answer most of this question.

More info can be found in the articles below:

what is roaming profile -- http://en.wikipedia.org/wiki/Roaming_user_profile

how to set roaming profile -- http://www.sfu.ca/ad/roaming_profiles.html

Let us know if you have more questions :)

Thanks,

-Prashant Girennavar.
 

Author Comment

by:mikey250
ID: 39838506
Yes, you are giving me the answers I wanted.

"So you have a username and password you use to log onto the DCs, should you have a separate username and password for each DC? No, you should not."

- I only have 1 single DC, but if I had 2 or more, no, I would still use the same username & password - I'm OK with that, as I was referring to my DC.

"Your files in My Documents are available on all servers; this is down to group policy and folder redirection. I wouldn't be too concerned about this."

"No, you should not create a roaming profile for server-based accounts. It's not terrible but bad practice, since you can fill up the C:\ quite quickly if you have a large roaming profile; also it'll increase your logon times to servers which you haven't logged onto previously."

- OK, that is OK, as I had to make sure.


Because when I use the domain administrator logon, I do not create a redirection/roaming folder like I would with domain user accounts, so I assume this is normal, as administrators have access to each server anyway by default... unless I wanted to track my domain admin logon of daily use, just like a domain user account. That's my understanding, but if I did want to track the administrator, I assume looking in the Event Viewer, for example, is a way to do so. So again, I assume setting up a redirection/roaming folder for a domain admin is of no use.

Question 1. What if there was an issue with logging on with my domain admin logon on my master DC, and I could maybe fix it or not, but I needed to change something for another user, for example? Then I assume when I use the same domain admin account to log on to a domain member server, that this would have issues logging on, as it is connected to the master DC?
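
Added example, not part of the original thread: one way to do the Event Viewer tracking mentioned in the comment above from PowerShell, by pulling logon events (4624 success, 4625 failure) for a single administrative account out of a server's Security log. The account name, server name and time window are hypothetical, and it assumes logon auditing is enabled and that you have rights to read the remote Security log.

```powershell
# Added example, not code from the thread. $Account and $Server are hypothetical.
$Account = 'Administrator'
$Server  = 'DC01'
$Since   = (Get-Date).AddDays(-7)

# Logon type codes carried in the LogonType field of events 4624/4625.
$LogonTypes = @{
    2  = 'Interactive'
    3  = 'Network'
    4  = 'Batch'
    5  = 'Service'
    7  = 'Unlock'
    10 = 'RemoteInteractive'
    11 = 'CachedInteractive'
}

Get-WinEvent -ComputerName $Server -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = $Since
} | ForEach-Object {
    # Flatten the event's named data fields into a hashtable.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Keep only events for the account being tracked (comparison is case-insensitive).
    if ($data['TargetUserName'] -ne $Account) { return }

    [pscustomobject]@{
        Time      = $_.TimeCreated
        Result    = if ($_.Id -eq 4624) { 'Success' } else { 'Failure' }
        LogonType = $LogonTypes[[int]$data['LogonType']]
        Source    = $data['IpAddress']
        LoggedOn  = $_.MachineName
    }
} | Sort-Object Time | Format-Table -AutoSize
```

Each server writes these events to its own Security log, so run it against the member servers as well as the DC to see logons there.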

 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 166 total points
ID: 39839956
Since you have only a single DC, you can keep two accounts with domain admin privileges.
If anything wrong happens with one account, another account will take care of that.
Ensure that both accounts are members of the following groups:
Domain Admins,
Enterprise Admins,
built-in Administrators group,
Schema Admins

because if any account gets locked, you can have another account to unlock it.
However, note that the built-in domain administrator account never gets locked.

Also, it's better if you could keep one ADC as well if your user count is more than 50, to avoid major downtime in case of server hardware failure.

Mahesh
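
Added example, not part of the original thread: a read-only check that two administrative accounts hold the group memberships listed in the answer above and that neither is locked out or disabled. The account names are hypothetical, and it assumes the ActiveDirectory PowerShell module (RSAT) is installed.

```powershell
# Added example, not code from the thread. Account names are hypothetical.
Import-Module ActiveDirectory

$Accounts = 'admin-primary', 'admin-backup'
$Groups   = 'Domain Admins', 'Enterprise Admins', 'Administrators', 'Schema Admins'

# Resolve each group's effective membership once, including nested groups.
$Membership = @{}
foreach ($group in $Groups) {
    $Membership[$group] = @(Get-ADGroupMember -Identity $group -Recursive |
        Select-Object -ExpandProperty SamAccountName)
}

$report = foreach ($name in $Accounts) {
    $user = Get-ADUser -Identity $name -Properties LockedOut, LastLogonDate

    # Groups from the list that this account is not a member of.
    $missing = @($Groups | Where-Object {
        $Membership[$_] -notcontains $user.SamAccountName
    })

    [pscustomobject]@{
        Account       = $user.SamAccountName
        Enabled       = $user.Enabled
        LockedOut     = $user.LockedOut
        LastLogonDate = $user.LastLogonDate
        MissingGroups = $missing -join ', '
    }
}
$report | Format-Table -AutoSize

# If one account shows LockedOut = True, the other account can clear it:
#   Unlock-ADAccount -Identity 'admin-primary'
```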
 

Author Comment

by:mikey250
ID: 39861045
Morning Mahesh, thanks for that useful info. Appreciated.
 

Author Closing Comment

by:mikey250
ID: 39861050
Sound advice. Appreciated.