Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

dc logon & domain member logon query

Posted on 2014-02-06
6
408 Views
Last Modified: 2014-02-15
hi, could i please get some advice regarding the below :

question 1.

when i run 'dcpromo' on the master dc, this is the same password i always use to logon to the domain controller obviously, but i always use this same username & password to logon to all the domain controllers and what i did not realise until recently is that if i save files in my documents where i always save stuff on my master dc.  i can also logon with the same username & password on my domain member server and still see those same files i saved.  what i wanted to know is should i create a separate username & password to logon to each of the domain member servers so they have their own   ?

question 2.

as i logon to each domain member server which is the same 'username & password' as the domain controller, as i have not created anymore should i create a roaming folder just like i would for normal domain users  ?
0
Comment
Question by:mikey250
6 Comments
 
LVL 9

Accepted Solution

by:
Alex Green earned 167 total points
ID: 39838467
OK, I'm a little bit confused by the post however I'll try my best.

So you have a username and password you use to log onto the DC's, should you have a separate username and password for each DC. No you should not.

Your files in my documents are available on all servers, this is down to group policy and folder redirection, I wouldn't be too concerned about this.

No you should not create a roaming profile for server based accounts. It's not terrible but bad practice since you can fill up the C:\ quite quickly if you have a large roaming profile, also it'll increase your logon times to servers which you haven't logged onto previously.

Does that answer your question since I'm having a few issues understanding the question :(

Regards

Alex
0
 
LVL 10

Assisted Solution

by:Prashant Girennavar
Prashant Girennavar earned 167 total points
ID: 39838495
question 1.

answer :

 Domain controllers dont have the local administrator account.  i.e they have the administrator account centerliased  and you can use this single account to login to the all the domain controllers. Keep in mind that , the domain administrator account is not local , rather it is a central one and can be used to login to any domain contollers or member servers.

 what I suspect in your case is , you are using this account to login to the domain controllers and member servers , hence you are able to see my document information on all of them since the account which your are using is not local.

Question 2

I think the first question answer will answer most of this question.

More info can be found on below article

what is roaming profile -- http://en.wikipedia.org/wiki/Roaming_user_profile

how to set roaming profile -- http://www.sfu.ca/ad/roaming_profiles.html

Let us know if you have more questions :)

Thanks,

-Prashant Girennavar.
0
 

Author Comment

by:mikey250
ID: 39838506
yes you are giving me the answers i wanted.

"so you have a username and password you use to log onto the dc's, should you have a separate username and password for each dc.  no you should not."

- i only have 1 single dc, but if i had 2 or more, no i would still use the same username & password - im ok with that as i was referring to my dc.

"your files in my documents are available on all servers, this is down to group policy and folder redirection, i wouldn't be too concerned about this."

 "no you should not create a roaming profile for server based accounts.  it's not terrible but bad practice since you can fill up the c:\ quite quickly if you have a large roaming profile, also it'll increase your logon times to servers which you haven't logged onto previously."

- ok that is ok as had to make sure.


because when i use the domain administrator logon, i do not create redirection/roaming folder, like i would with domain user accounts, so i assume this is normal as administrators have access to each server anyway by default....unless i wanted to track my domain admin logon of daily use, just like a domain user account...thats my understanding, but if i did want to track the administrator i assume looking in the eventviewer for example is a way to do so.  so again i assume setting up a redirection/roamin folder for a domain admin is of no use.

question 1.  what there was an issue with logging on with my domain admin logon my my master dc and i could maybe fix it or not, but i needed to change something for another user for example, then i assume when i use the same domain admin account to logon to a domain member server that this would have issues logging on as it is connected to the master dc  ?
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 36

Assisted Solution

by:Mahesh
Mahesh earned 166 total points
ID: 39839956
Since you have only single DC, you can keep two accounts with domain admins privileges
If anything wrong happens with one account, another account will take care of that.
Ensure that both accounts are member of following groups
domain admins,
enterprise admins
built-in administrators group.
Schema admins

because if any account gets locked, you can have another account to unlock it.
However note that built-in domain administrator account never get locked

Also its better if you could keep one ADC as well if your user count is more than 50 to avoid major downtime in case of server hardware failure.

Mahesh
0
 

Author Comment

by:mikey250
ID: 39861045
morning Mahesh thanks for that useful info.  appreciated.
0
 

Author Closing Comment

by:mikey250
ID: 39861050
sound advice.  appreciated.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question