How does a domain user password change work?

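  • General discussion

  • A question for everyone:

    When a user in the domain changes their password, is the change made directly against the PDC?

    Or does the user make the change on the DC they are currently connected to, and that DC then forwards the password change to the PDC?

    December 26, 2010, 2:16 PM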

All replies

  • The change is not made directly against the PDC; it is made against the DC you are currently logged on to.

    See this article: http://technet.microsoft.com/en-us/library/cc961787.aspx

    Replication of Password Changes

    Password changes are replicated differently than normal (non-urgent) replication and urgent replication. Changes to security account passwords present a replication latency problem wherein a user's password is changed on domain controller A and the user subsequently attempts to log on, being authenticated by domain controller B. If the password has not replicated from A to B, the attempt to log on fails. Active Directory replication remedies this situation by forwarding password changes immediately to a single domain controller in the domain, the PDC emulator.

    In Windows 2000 domains, a single domain controller per domain holds the role of PDC emulator, which simulates the behavior of a Microsoft Windows NT version 3.x–based or Windows NT 4.0–based primary domain controller. In Windows NT 4.0, the only domain controller that can accept updates is the primary domain controller. If authentication fails at a backup domain controller, the authentication request is passed immediately to the primary domain controller, which is guaranteed to have the current password.

    In Windows 2000, when a user password is changed at a specific domain controller, that domain controller attempts to update the respective replica at the domain controller that holds the PDC emulator role. Update of the PDC emulator occurs immediately, without respect to schedules between sites on site links. The updated password is propagated to other domain controllers by normal replication within a site. When the user logs on to a domain and is authenticated by a domain controller that does not have the updated password, the domain controller refers to the PDC emulator to check the credentials of the user name and password rather than denying authentication based on a nonvalid password. Therefore, the user can log on successfully even when the authenticating domain controller has not yet received the updated password.

    Thanks

    December 11, 2011, 10:43 AM
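
Added example, not part of the thread or the quoted article: a PowerShell check that compares a user's `pwdLastSet` on every domain controller against the PDC emulator's copy, showing which DCs still hold the old password and would refer a logon to the PDC emulator as the article describes. It assumes the ActiveDirectory module (RSAT) is installed and the caller can read the domain; the function name `Get-PasswordReplicationState` and the account `jdoe` are hypothetical.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-PasswordReplicationState {
    param(
        # sAMAccountName or distinguished name of the account to check
        [Parameter(Mandatory)][string]$Identity
    )

    # Password changes are pushed to the PDC emulator immediately,
    # so its copy of pwdLastSet is used as the reference value.
    $pdc     = (Get-ADDomain).PDCEmulator
    $ref     = Get-ADUser -Identity $Identity -Server $pdc -Properties pwdLastSet -ErrorAction Stop
    $refTime = [datetime]::FromFileTimeUtc($ref.pwdLastSet)

    foreach ($dc in Get-ADDomainController -Filter *) {
        # Same property set for reachable and unreachable DCs so the table stays aligned.
        $row = [ordered]@{
            DomainController = $dc.HostName
            Site             = $dc.Site
            IsPdcEmulator    = ($dc.OperationMasterRoles -contains 'PDCEmulator')
            PwdLastSetUtc    = $null
            LagBehindPdc     = $null
            HasCurrentPwd    = $null
            Error            = $null
        }
        try {
            # Ask this specific DC for its own replica of the user object.
            $u = Get-ADUser -Identity $Identity -Server $dc.HostName `
                            -Properties pwdLastSet -ErrorAction Stop
            $t = [datetime]::FromFileTimeUtc($u.pwdLastSet)
            $row.PwdLastSetUtc = $t
            $row.LagBehindPdc  = $refTime - $t
            # A DC whose value is older than the PDC emulator's has not replicated the change yet.
            $row.HasCurrentPwd = ($t -ge $refTime)
        }
        catch {
            # DC unreachable or query failed: report it instead of aborting the whole run.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

# 'jdoe' is a constructed sample account name.
Get-PasswordReplicationState -Identity 'jdoe' |
    Sort-Object Site, DomainController |
    Format-Table -AutoSize
```

Rows with `HasCurrentPwd` set to `False` are the domain controllers that have not yet received the change through normal replication.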