Announcement

Collapse
No announcement yet.

PDC Emulator and authentication

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • PDC Emulator and authentication

    I was told that if the PDC Emulator is down for more the 90 min that authentication across the domain will stop even if you have other DCís and GCís in the environment. Is this true and is there a KB article on this somewhere? Is there anything supporting this? How long can the PDC Emulator be down before causing issues.

    All windows 2000\2003, XP and exchange 2003. Does anyone have any information on this??

    Thanks

    [email protected]

  • #2
    Re: PDC Emulator and authentication

    Hello,

    The primary role of PDC emulator is to act as a Windows NT primary domain controller in the AD envirament. It processes password changes from down level clients and replicates updates to the BDCs.
    It is also plays some roles in time synchronization.
    Since you have only Windows 2000, 2003 and XP operation systems the offline PDC emulator will not cause authentication issues.

    I have never heard about what you said.
    Regarding to 90 minutes, Windows Server 2003, Windows 2000, and Windows XP clients refresh their policies every 90 minutes with an additional, randomized offset of 30 minutes.

    More about the operation master roles is presented here:
    http://technet2.microsoft.com/Window....mspx?mfr=true
    Last edited by netxt; 8th May 2006, 21:50.
    Regards,
    Csaba Papp
    MCSA+messaging, MCSE, CCNA
    ...............................
    Remember to give credit where credit is due and leave reputation points where appropriate
    .................................

    Comment


    • #3
      Re: PDC Emulator and authentication

      In theory, you can take PDCE down for tombstone lifetime period and get away with warnings, but without breaking anything.

      By default the DCs will look for PDCE as authoritative time source and you will have issues related to editing GPOs, but as long as you do not have legacy clients, you can take the PDCE down for up to 60 days pre-W2K3 SP1 environment (DCs) and for 180 days if all the DCs are W2K3 SP1.

      Another issue would have to do with password chaining - if PDCE is down, you might get temporary authentication failures after changing user passwords.
      (see http://support.microsoft.com/kb/320325/EN-US/ for details on how password chaining works)
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"

      Comment


      • #4
        Re: PDC Emulator and authentication

        Thanks for the information guys. I appreciate it.

        Comment

        Working...
        X