Domain controllers - Local user database

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi everyone just a quick question. If theres say two domain controllers and each obviously have their own replicated copy of the AD why do they not maintain a local user database? Is it because there is only one local user database needed which is on one of the domain controllers?

is the local user database credentials such as username / password?

Thanks in advance!

Dave

 

Oh right, but where is it situated at? Would it just be one domain controller?

Thanks,
Dave

 

I don't understand the question, but I will try and explain as to what I think the quesiton is.

On Domain Controllers you don't have Local Administrators, if you are part of the Administrators Security Group then you are a Local Administrator on the Domain Controller.

If you are talking about Replication, then that's a bit difference. Replication is what propogates changes to the Active Directory Forest e.g. change a password on Domain Controller 1 and then the user goes to login to a Terminal Server in Japan, he (yes my imaginery user is a man) will be using the new password.

 

Each DC has a SAM, which is not used when the DC is running as intended (i.e. normal boot, directory services running and servicing clients).

The SAM is used when you go to directory services restore mode (i.e. safe mode style). If you depromo the DC, the SAM is used once more. It's always there and local to just that DC for use in specific situations.

Next time you wanna play with a server prior to promoing it, make a bunch of local accounts. Login to the machine with those accounts. Promo the DC and take a look around, you'll find remnants of those accounts on the machine. When you depromo the DC, those accounts will be there again for use at your own discretion. They won't be used for anything else when the DC is running as a DC.

 

Thanks, does sam stand for security access management? Also just one more quick question. Does a member server act like a stand alone server in a workgroup environment for a domain?

Thanks!

Dave

 

Sorry mate, I mean that in a workgroup a computer running server 03 ect is called a stand alone server so in a domain is a member server like that? But provides file sharing ect?

Thanks for everyones help,
Dave

 

Thanks mate that makes sense! Really appreciate the help

Repped!