1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Domain controllers - Local user database

Discussion in 'Windows Server 2003 / 2008 / 2012 Exams' started by beaumontdvd, Feb 8, 2010.

  1. beaumontdvd

    beaumontdvd Kilobyte Poster

    487
    3
    32
    Hi everyone just a quick question. If theres say two domain controllers and each obviously have their own replicated copy of the AD why do they not maintain a local user database? Is it because there is only one local user database needed which is on one of the domain controllers?

    is the local user database credentials such as username / password?

    Thanks in advance!

    Dave
     
    Last edited: Feb 8, 2010
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    For security....

    There is a directory services restore mode password that is kinda like a local admin password so you can log on and restore AD etc.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. beaumontdvd

    beaumontdvd Kilobyte Poster

    487
    3
    32
    Oh right, but where is it situated at? Would it just be one domain controller?

    Thanks,
    Dave
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  4. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    I don't understand the question, but I will try and explain as to what I think the quesiton is.

    On Domain Controllers you don't have Local Administrators, if you are part of the Administrators Security Group then you are a Local Administrator on the Domain Controller.

    If you are talking about Replication, then that's a bit difference. Replication is what propogates changes to the Active Directory Forest e.g. change a password on Domain Controller 1 and then the user goes to login to a Terminal Server in Japan, he (yes my imaginery user is a man) will be using the new password.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  5. Shinigami

    Shinigami Megabyte Poster

    896
    40
    84
    Each DC has a SAM, which is not used when the DC is running as intended (i.e. normal boot, directory services running and servicing clients).

    The SAM is used when you go to directory services restore mode (i.e. safe mode style). If you depromo the DC, the SAM is used once more. It's always there and local to just that DC for use in specific situations.

    Next time you wanna play with a server prior to promoing it, make a bunch of local accounts. Login to the machine with those accounts. Promo the DC and take a look around, you'll find remnants of those accounts on the machine. When you depromo the DC, those accounts will be there again for use at your own discretion. They won't be used for anything else when the DC is running as a DC.
     
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM
  6. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Looks like Shinigami has explained this much better than what I could do. :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  7. beaumontdvd

    beaumontdvd Kilobyte Poster

    487
    3
    32
    Thanks, does sam stand for security access management? Also just one more quick question. Does a member server act like a stand alone server in a workgroup environment for a domain?

    Thanks!

    Dave
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  8. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Errr, not 100% sure what you mean here.

    If you add a member server to the domain you can log onto the server with domain credentials and also have local accounts as well if you want. This assumes that everything is default though.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  9. beaumontdvd

    beaumontdvd Kilobyte Poster

    487
    3
    32
    Sorry mate, I mean that in a workgroup a computer running server 03 ect is called a stand alone server so in a domain is a member server like that? But provides file sharing ect?

    Thanks for everyones help,
    Dave
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade
  10. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Yup, a member server could be a file server, web server or have an additional application such as Exchange Server.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  11. beaumontdvd

    beaumontdvd Kilobyte Poster

    487
    3
    32
    Thanks mate that makes sense! Really appreciate the help :)

    Repped! :biggrin
     
    Certifications: 070-271, 070-272, (MCDST)Level 1,2,3 NVQ
    WIP: 070-270, A+, N+, S+,MCDST 7 Upgrade

Share This Page

Loading...