none
Global Catalog in windows 2008 R2

    Question

  • In a active directory forest with multiple domains, is the user passwords replicated throughout the forest?

    Let's say I have a forest/2 locations, Location-A/Domain-A and Location-B/Domain-B with GC at both the locations/universal membership caching enabled.
    If the link between 2 locations is down, at Location-A, can the users of Domain-B login at location-A?
    Tuesday, July 27, 2010 11:50 PM

Answers

  • No.

    A user has to be authenticated by a domain controller from the domain in which that user's account is defined i.e. domainA\userA requires a domain controller from domainA to log on. In addition, successful logon by default requires presence of a GC - however, this does not have to be a GC from the same domain

    hth
    Marcin

    • Marked as answer by avilt Wednesday, July 28, 2010 1:45 AM
    Wednesday, July 28, 2010 12:03 AM

All replies

  • No.

    A user has to be authenticated by a domain controller from the domain in which that user's account is defined i.e. domainA\userA requires a domain controller from domainA to log on. In addition, successful logon by default requires presence of a GC - however, this does not have to be a GC from the same domain

    hth
    Marcin

    • Marked as answer by avilt Wednesday, July 28, 2010 1:45 AM
    Wednesday, July 28, 2010 12:03 AM
  • What Mr Marcin Policht said is the answer for your question. I just would like to add that it is not possible to store a GC of Domain A on a domain controller in Domain B. It is for that if Domain A is unreachable, there will be no GCs and this means that there no prouve that the user trying to logon exists and he will be unable to authenticate even if domain controllers in Domain B are present.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Best regards.

    Wednesday, July 28, 2010 12:43 AM