Active Directory, Trusts & domains, offline DC

  • Monday, January 14, 2013 1:13 PM
     
     

    Hello.

    I have set up a structure of 2 servers.

    A DC
    And an application server.

    The DC has a 1-way trust to the customer's AD.
    The application server is a member of the DC's AD.

    The application on our app server is an IIS, that uses SSO through the DC to the customer's AD, making our customers able to log in to our server with their AD credentials.

    However, now when I restarted my DC, I was able to log in to our webserver (appserver) with the customer's credentials.
    This should not be possible since every logon attempt is done to the customer's AD, but uses the DC's trust to do it.

    My question is, how can this be? Is there some sort of cache?

    Thanks in advance,

    Br
    Tim

All Replies

  • Tuesday, January 15, 2013 1:35 PM
     
     
    Your description of your problem is confusing. "The application on our app server is an IIS, that uses SSO through the DC to the customer's AD, making our customers able to log in to our server with their AD credentials.

    However, now when I restarted my DC, I was able to log in to our webserver (appserver) with the customer's credentials."

    This sounds like it is doing exactly what you want.

    Otherwise, there is some cache, but it is on the client.  The client will cache credentials.  Had the client machine that had accessed the server previously logged in and had not been turned off?


    .:|:.:|:. tim

  • Wednesday, January 16, 2013 12:41 PM
     
     

    Thanks for the response.

    I don't think I was not clear enough.

    What I meant was that even if the DC (that verifies users, using trust) is offline, I am able to authenticate, even if I am using another browser/instance.

    It works. I'm just thinking if the DC does not play its role even though it should, so I can take it offline.

    Br.
    Tim