Solved

dc logon & domain member logon query

Posted on 2014-02-06
Last Modified: 2014-02-15
Hi, could I please get some advice regarding the below:

Question 1.

When I run 'dcpromo' on the master DC, this is the same password I always use to log on to the domain controller obviously, but I always use this same username & password to log on to all the domain controllers, and what I did not realise until recently is that if I save files in My Documents, where I always save stuff on my master DC, I can also log on with the same username & password on my domain member server and still see those same files I saved. What I wanted to know is: should I create a separate username & password to log on to each of the domain member servers so they have their own?

Question 2.

As I log on to each domain member server, which is the same 'username & password' as the domain controller, as I have not created any more, should I create a roaming folder just like I would for normal domain users?
Question by:mikey250
6 Comments
 

Accepted Solution

by:
Alex Green earned 167 total points
ID: 39838467
OK, I'm a little bit confused by the post however I'll try my best.

So you have a username and password you use to log onto the DCs; should you have a separate username and password for each DC? No, you should not.

Your files in My Documents are available on all servers; this is down to group policy and folder redirection. I wouldn't be too concerned about this.

No, you should not create a roaming profile for server-based accounts. It's not terrible but bad practice, since you can fill up the C:\ quite quickly if you have a large roaming profile; also it'll increase your logon times to servers which you haven't logged onto previously.

Does that answer your question since I'm having a few issues understanding the question :(

Regards

Alex
 

Assisted Solution

by:Prashant Girennavar
Prashant Girennavar earned 167 total points
ID: 39838495
Question 1.

Answer:

Domain controllers don't have the local administrator account, i.e. they have the administrator account centralised and you can use this single account to log in to all the domain controllers. Keep in mind that the domain administrator account is not local; rather, it is a central one and can be used to log in to any domain controllers or member servers.

What I suspect in your case is that you are using this account to log in to the domain controllers and member servers, hence you are able to see My Documents information on all of them, since the account which you are using is not local.

Question 2

I think the first question answer will answer most of this question.

More info can be found on below article

what is roaming profile -- http://en.wikipedia.org/wiki/Roaming_user_profile

how to set roaming profile -- http://www.sfu.ca/ad/roaming_profiles.html

Let us know if you have more questions :)

Thanks,

-Prashant Girennavar.
 

Author Comment

by:mikey250
ID: 39838506
Yes, you are giving me the answers I wanted.

"So you have a username and password you use to log onto the DCs, should you have a separate username and password for each DC. No you should not."

- I only have 1 single DC, but if I had 2 or more, no, I would still use the same username & password - I'm OK with that, as I was referring to my DC.

"Your files in My Documents are available on all servers, this is down to group policy and folder redirection, I wouldn't be too concerned about this."

"No you should not create a roaming profile for server based accounts. It's not terrible but bad practice since you can fill up the C:\ quite quickly if you have a large roaming profile, also it'll increase your logon times to servers which you haven't logged onto previously."

- OK, that is OK, as I had to make sure.


Because when I use the domain administrator logon, I do not create a redirection/roaming folder like I would with domain user accounts, so I assume this is normal, as administrators have access to each server anyway by default... unless I wanted to track my domain admin logon of daily use, just like a domain user account... that's my understanding, but if I did want to track the administrator, I assume looking in the Event Viewer, for example, is a way to do so. So again I assume setting up a redirection/roaming folder for a domain admin is of no use.

Question 1. What if there was an issue with logging on with my domain admin logon on my master DC and I could maybe fix it or not, but I needed to change something for another user, for example; then I assume when I use the same domain admin account to log on to a domain member server that this would have issues logging on, as it is connected to the master DC?

 

Assisted Solution

by:Mahesh
Mahesh earned 166 total points
ID: 39839956
Since you have only a single DC, you can keep two accounts with domain admin privileges.
If anything wrong happens with one account, another account will take care of that.
Ensure that both accounts are members of the following groups:
Domain Admins
Enterprise Admins
Built-in Administrators group
Schema Admins

Because if any account gets locked, you can have another account to unlock it.
However, note that the built-in domain administrator account never gets locked.

Also, it's better if you could keep one ADC as well if your user count is more than 50, to avoid major downtime in case of server hardware failure.

Mahesh
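As an added example (not part of the original thread or any poster's own script), the PowerShell below reports whether each of two admin accounts is enabled or locked out and which of the groups listed in the answer above it belongs to, then lists any other members of those groups. The account names are placeholders, and it assumes the ActiveDirectory module (RSAT) is installed and the session runs with rights to read the directory.

```powershell
# Added example: audit the two admin accounts and the privileged groups they sit in.
Import-Module ActiveDirectory

# Assumption: placeholder sAMAccountNames; replace with your own two admin accounts.
$AdminAccounts = @('admin-primary', 'admin-backup')

# Groups named in the answer above ('Administrators' is the built-in group).
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Administrators', 'Schema Admins')

# Resolve each group once, including nested membership.
$Membership = @{}
foreach ($group in $PrivilegedGroups) {
    $Membership[$group] = @(Get-ADGroupMember -Identity $group -Recursive |
        Select-Object -ExpandProperty SamAccountName)
}

# One row per admin account: state flags plus a True/False column per group.
$report = foreach ($name in $AdminAccounts) {
    $user = Get-ADUser -Identity $name -Properties LockedOut, LastLogonDate
    $row = [ordered]@{
        Account       = $user.SamAccountName
        Enabled       = $user.Enabled
        LockedOut     = $user.LockedOut
        LastLogonDate = $user.LastLogonDate
    }
    foreach ($group in $PrivilegedGroups) {
        $row[$group] = $Membership[$group] -contains $user.SamAccountName
    }
    [pscustomobject]$row
}
$report | Format-Table -AutoSize

# Anything in these groups that is not one of the two expected accounts
# (the built-in Administrator will normally show up here) deserves a look.
foreach ($group in $PrivilegedGroups) {
    $others = @($Membership[$group] | Where-Object { $_ -notin $AdminAccounts })
    if ($others.Count -gt 0) {
        Write-Output ("{0}: other members -> {1}" -f $group, ($others -join ', '))
    }
}
```

If one account shows `LockedOut` as True, signing in with the other and running `Unlock-ADAccount -Identity <name>` clears the lockout.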
 

Author Comment

by:mikey250
ID: 39861045
Morning Mahesh, thanks for that useful info. Appreciated.
 

Author Closing Comment

by:mikey250
ID: 39861050
Sound advice. Appreciated.