Solved

Active directory

Posted on 2014-04-24
4
188 Views
Last Modified: 2014-04-24
Hi all ,
I have two dc's 2008 std and one of them holding the all 5 fsmo rules
Dc1 fsmo
Dc2

Yesterday dc1 went down and users could still login to the system.
1. How long can users login after dc goes down?

I went over the internet and there is no really straight foreword explanation.
0
Comment
Question by:Moti Mashiah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 167 total points
ID: 40019859
As long as DC2 is up they should be able to logon.   DC2 in this case is also a GC and I'm assuming has DNS.

The FSMO roles don't affect logins.

If DC1 is down longer than the Tombstone Lifetime then you will have some cleanup work to do.

Thanks

Mike
0
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 167 total points
ID: 40019870
If I understand the question, you're asking how long after DC1 goes down can users continue to log into the domain, assuming DC2 stays up?
DC1 has all the FSMO roles, but I assume DNS and Global Catalogs are on each of the two servers.  (Or, if not, if there were only a single global catalog, it shouldn't be in DC1 anyway.)

There is nothing about the situation that would prevent users from logging in.  I don't want to say, 'forever'... because there would eventually be other problems, but this is one of the primary reasons to have more than one DC in an environment... so users can continue to log in to the domain.
0
 
LVL 9

Assisted Solution

by:Red-King
Red-King earned 166 total points
ID: 40019899
I recall that a DC will 'tombstone' in AD after 2 weeks.
You can forcefully have DC2 assume/seize the FSMO roles.
See the following MS article
http://support.microsoft.com/kb/255504

Rory
0
 
LVL 1

Author Closing Comment

by:Moti Mashiah
ID: 40019919
Was really helpful thank you very much.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can LDAP and LDAPS function together on a 2012 R2 server? 11 62
Testrail - Active Directory integration. 4 35
Restricted Domain Group Policy 4 41
user Log on times in AD 5 41
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question