If you're not running any down-level (pre-W2K) clients, the loss of the PDCe won't be as noticeable.  The following operations home on the PDCe and will either fail or be non-deterministic while it is unavailable:
* Password changes
* GPO changes
* Time sync
The other 4 will be negligible during day-to-day operations: schema master will only be noticed if you're extending the schema, domain naming if you're adding/removing a child domain, RID master if you create a large # of objects. (Since you're in a single-domain environment, the infra master is meaningless.)
Active Directory these days, in terms of Server 2003 & 2008, is fully multi-master; any Domain Controller can be queried or have updates written to it, which then replicate to other DCs. The only exception to this is the 5 FSMO roles - these are single-master roles for particular services which can only reside on one DC at a time. The Schema, for example, must only be updated on one DC (the Schema Master) to prevent any conflicts.
The PDC Emulator, as Laura already mentioned, handles tasks such as account lockouts, password changes and various other roles, but ANY of your DCs in conjunction with GCs can authenticate a user and log them in.
Yes I agree with both of you, but as you both state the PDC emulator deals with account lockouts, password changes, & various other roles. What I'm trying to find out is what if the PDC emulator is available for a few days?
Oops, that should have been: What if the PDC emulator is NOT available for a few days?
If you don't have pre-Windows 2000 Servers or computers, then those should theoretically be able to log in to the network using one of the other DCs. Provided among one of these other DCs there is at least one other Global Catalog Server, logons and general network use should not be a problem.
However, the PDC Emulator is responsible for Time Synchronization between all servers and workstations on the network. Password Changes could also become a problem, since these take place at the PDC Emulator. If the PDC Emulator holds other FSMO roles, this could obviously cause problems too.
In short: The network in general should function, provided you have another GC, but you would want to restore the PDCe to service as soon as possible, anyway.
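A health check for the situation discussed in this thread, as an added example that is not part of any of the posts above: it lists the five FSMO role holders, tests whether each is reachable, and confirms that a Global Catalog other than the PDCe is available. It assumes the ActiveDirectory PowerShell module (RSAT) on a domain-joined machine; `Test-TcpPort` is a hypothetical helper, and an open LDAP (389) or GC (3268) port is used only as a rough proxy for "the DC is up".

```powershell
# Added example; assumes the ActiveDirectory module (RSAT) and a domain-joined host.
Import-Module ActiveDirectory

# Hypothetical helper: TCP connect with a timeout, used as a rough reachability test.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port = 389, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

$domain = Get-ADDomain   # domain-wide roles: PDCe, RID, infrastructure
$forest = Get-ADForest   # forest-wide roles: schema, domain naming

# Role holders paired with the impact the thread attributes to losing each role.
$roles = @(
    @{ Role = 'PDCEmulator';          Holder = $domain.PDCEmulator;          Impact = 'Password changes, GPO changes, time sync' }
    @{ Role = 'RIDMaster';            Holder = $domain.RIDMaster;            Impact = 'Creating a large number of objects' }
    @{ Role = 'InfrastructureMaster'; Holder = $domain.InfrastructureMaster; Impact = 'None in a single-domain environment' }
    @{ Role = 'SchemaMaster';         Holder = $forest.SchemaMaster;         Impact = 'Extending the schema' }
    @{ Role = 'DomainNamingMaster';   Holder = $forest.DomainNamingMaster;   Impact = 'Adding/removing a child domain' }
)

$report = foreach ($r in $roles) {
    New-Object psobject -Property @{
        Role           = $r.Role
        Holder         = $r.Holder
        Reachable      = Test-TcpPort -ComputerName $r.Holder -Port 389
        AffectedIfDown = $r.Impact
    }
}
$report | Format-Table Role, Holder, Reachable, AffectedIfDown -AutoSize

# Logons survive a PDCe outage only if some other DC is a reachable Global Catalog.
$otherGCs = @(Get-ADDomainController -Filter { IsGlobalCatalog -eq $true } |
    Where-Object { $_.HostName -ne $domain.PDCEmulator } |
    Where-Object { Test-TcpPort -ComputerName $_.HostName -Port 3268 })

if ($otherGCs.Count -eq 0) {
    Write-Warning 'No reachable Global Catalog other than the PDCe: logons depend on it.'
} else {
    'Reachable GCs besides the PDCe: ' + (($otherGCs | ForEach-Object { $_.HostName }) -join ', ')
}
```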