Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Active directory

Posted on 2014-04-24
4
Medium Priority
?
191 Views
Last Modified: 2014-04-24
Hi all ,
I have two dc's 2008 std and one of them holding the all 5 fsmo rules
Dc1 fsmo
Dc2

Yesterday dc1 went down and users could still login to the system.
1. How long can users login after dc goes down?

I went over the internet and there is no really straight foreword explanation.
0
Comment
Question by:Moti Mashiah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 668 total points
ID: 40019859
As long as DC2 is up they should be able to logon.   DC2 in this case is also a GC and I'm assuming has DNS.

The FSMO roles don't affect logins.

If DC1 is down longer than the Tombstone Lifetime then you will have some cleanup work to do.

Thanks

Mike
0
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 668 total points
ID: 40019870
If I understand the question, you're asking how long after DC1 goes down can users continue to log into the domain, assuming DC2 stays up?
DC1 has all the FSMO roles, but I assume DNS and Global Catalogs are on each of the two servers.  (Or, if not, if there were only a single global catalog, it shouldn't be in DC1 anyway.)

There is nothing about the situation that would prevent users from logging in.  I don't want to say, 'forever'... because there would eventually be other problems, but this is one of the primary reasons to have more than one DC in an environment... so users can continue to log in to the domain.
0
 
LVL 9

Assisted Solution

by:Red-King
Red-King earned 664 total points
ID: 40019899
I recall that a DC will 'tombstone' in AD after 2 weeks.
You can forcefully have DC2 assume/seize the FSMO roles.
See the following MS article
http://support.microsoft.com/kb/255504

Rory
0
 
LVL 1

Author Closing Comment

by:Moti Mashiah
ID: 40019919
Was really helpful thank you very much.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question