Length of time user can work without a DC

  • Length of time user can work without a DC

    Hi, new to the forum and hope someone can help. I've been asked the question about one of our remote sites:

    How long could the users work for if there is no WAN connection and the domain controller goes down?

    I know that users can log on using cached credentials but what happens if the DC and WAN are down whilst they are logged on? I'm not sure how the Kerberos tickets affect the length of time they are allowed to continue working for before it breaks.

    Our settings for this are default:

    Maximum lifetime for user ticket - 10 hours
    Maximum lifetime for service ticket - 600 mins
    Maximum lifetime for user ticket renewal - 7 days

    But I could do with some explanation! What happens if a user is working over 10 hours and the DC is down and no other DC to authenticate to?

    We also had a scenario the other month whereby there was no local DC on a remote site (was about to be put in place). The WAN died and some critical services stopped working instantly because they could not authenticate. Do AD accounts used as service accounts need constant authentication to a DC?

    The same question can be asked of password resets without a DC present. What happens when the user is offline and the password is due to be reset by them? Does it prompt, then let the DC know when it's available again?

    Thanks in advance!
    Last edited by BassAddict; 19th July 2010, 10:06.