PDC question when 1 dc fails that's pdc

Discussion in 'Active Directory' started by gira, Oct 9, 2006.

  1. gira

    gira Guest

    Hello,

    In Windows 2003 envt (also forest functional & domain functional level =
    2003),
    where there're 2 DCs (both GC). 1 is a PDC.
    If that DC that's PDC fails, would the clients still be able to logon to the
    domain using the 2nd DC even though that's not a PDC?

    Thanks.
     
    gira, Oct 9, 2006
    #1
    1. Advertisements

  2. gira

    Mallika Guest

    Yes. They will.

    PDC Emulator is used for backward compatibilty. It will act as PDC for
    Windows NT clients. So, Only Windows NT Clients will not be able to login to
    domain.

    Regards,
    Mallika.
     
    Mallika, Oct 9, 2006
    #2
    1. Advertisements

  3. Hi gira,

    there are several differences between domain at nt 4 and win2k. One of them
    is pdc and bdc role.

    In nt 4.0 there is only single master replication from pdc to bdc. If pdc
    failed, you must promote bdc to be pdc.

    In win2k perspective, already implement multi-master replication. If one DC
    failed, its role will be replaced by other DC. But, there are several roles
    still use single master principle, they are called FSMO. There are 5 FSMO in
    win2k world: PDC Emulator, RID Master, Infrastructure Master, Domain Naming
    Master, adn Schema Master. If one of them failed, you must do promoting
    process. It will discuss later if you want :d

    Actually PDC Emulator is very important in win2k, not only for backward
    compatibility (only one of its roles). It is also acting as time server, to
    keep password changing, and act as pdc for bdc from nt 4.0.

    If one dc failed in win2k, for sure, client still can be authenticated by
    other dc.


    regards,
    irwin
     
    Irwin, MCSE,MCDBA,MCT, Oct 9, 2006
    #3
  4. gira

    gira Guest

    thanks guys.

    then if the DC that had a fsmo role of pdc emulator goes down, would the
    clients
    be able to change passwords using the 2nd DC?
    I'm assuming the 2nd DC needs to seize the fsmo role of pdc emulator before
    clients can change passwords...

    thanks.
     
    gira, Oct 10, 2006
    #4
  5. gira

    Herb Martin Guest

    Yes*, since AD is multimastered.

    Legacy clients might in theory be limited since by default
    they do not know about the multimastered feature of AD,
    but in practice all legacy clients (today) should be upgraded
    with DSClient (aka "AD Client Upgrade") which makes them
    multi-master aware (and perhaps more importantly for Win2003
    domains, allows them to do SMB signing.)

    It does not - despite the name - make them true "AD Clients",
    certainly not in the sense of using GPOs or other advanced
    features of AD.
    No, in general this is not true. ALL AD DCs are equal and
    can make most all changes (some are "more equal" for very
    specialized purposes but in general the vast majority of day
    to day purposes these exceptions don't come into play as far
    as making changes to the database.)
     
    Herb Martin, Oct 10, 2006
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.