
2 AD User Profile ?'s


G-Stress


Watched a few modules on 2k3 and 2k8, getting the feel for AD. Got what seems to be a simple, possibly dumb question for you sys admins.

If you have a DC set up and join a machine to the DC, then you shut the domain controller completely down and the newly joined machine is still powered on. Say for example you reboot that machine and the DC is still powered off, how is it possible that on reboot I'm still able to log in to the domain, apparently?

Also, in a domain environment where the user can log into the domain via a number of workstations and on any machine they will have their personal desktop, files, etc., is that roaming profiles? I haven't gotten that far yet in the modules and have always just been curious.

Sorry if these are dumb questions.


Few things.

#1, most networks have redundant domain controllers that replicate data, failovers, etc.

#2, depending on how the workstation was set up and the security policy in place, once a machine has been attached to a domain, it will "cache" its domain credentials for a number of days, which can be enforced via group policy. I think the default is like 14 days or something but don't quote me on that.

#3, when setting up a domain, sometimes they implement WINS as well for the network file sharing among the LAN, so if the DC is down, but they have a separate DHCP and WINS server, you log in with your domain credentials, and then speak to other local workstations over normal Windows file sharing, but you more than likely won't get to the internet since your DNS server could be down if you only have 1 DC and don't have another DNS server on the farm. Eventually things would stop working and you would only be able to log in using the local machine account, by which you could remove it from the domain and workgroup if you were the local machine's administrator.

Domain logins are done against the domain controller, and profiles by nature are for the domain and all settings come from the enforced group policy in place. You could set up the desktop either in normal desktop mode, where files are saved locally with extra mapped shares, or the desktop is pointed to a network share where they only get the icons and folders you specify in the policy.

We had normal desktops with additional shares on the network per user and group. If you saved locally to the desktop, then those files only exist on that desktop unless the install points their desktop to a share on the network. Usually you have a normal desktop, but additional mapped folders to shares on the network, so you can log in from anywhere and reach your share on the network with your files so long as you saved them in your share and not locally to one specific workstation. We used to yell at people all the time at work because they would save stuff locally to the machine and if it died for any reason, we couldn't access the files if needed, but if saved on a network share, we could reach it from any other workstation that had access to the share. You can put them in an organizational unit based on user, or based on department (group). We had both user and group shares for our logins, but we also used Novell along with AD for access to legacy network shares and remote machines throughout the LAN and WAN.

If a Windows profile got corrupted on a machine, you can log in locally as the workstation admin, delete the user's profile folder and files from the workstation, and then just log back in to the domain using your domain credentials, and it would recreate the profile and fix it if it were corrupt. We used to do this at school where Explorer.exe was constantly crashing upon login for certain users because something in their profile got corrupt, but not for other users on the same machine. We deleted the local profile contents and then logged back in, and it sets it up like the first time you logged into the machine via domain login, adjusting your settings and setting up your desktop.
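Added example, not part of the posts above: a PowerShell check of the cached-logon setting on a domain-joined workstation. Windows stores it as `CachedLogonsCount` under the Winlogon registry key (Group Policy: "Interactive logon: Number of previous logons to cache"); the value is a count of cached logons with a documented default of 10. The function name and the `-MaxAllowed` threshold are assumptions chosen for illustration.

```powershell
# Added example: report how many domain logons this workstation will cache
# for use when no domain controller is reachable.
function Get-CachedLogonAudit {
    [CmdletBinding()]
    param(
        # Assumption: site hardening baseline, not a Windows default.
        [int]$MaxAllowed = 4
    )

    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $raw = (Get-ItemProperty -Path $key -Name CachedLogonsCount `
                -ErrorAction SilentlyContinue).CachedLogonsCount

    # The value is a string (REG_SZ); fall back to the documented default
    # of 10 when it is missing or cannot be parsed.
    $count  = 10
    $source = 'default (value not set)'
    if ($null -ne $raw) {
        $parsed = 0
        if ([int]::TryParse([string]$raw, [ref]$parsed)) {
            $count  = $parsed
            $source = 'registry'
        } else {
            $source = "unparseable value '$raw', assuming default"
        }
    }

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        DomainJoined      = $cs.PartOfDomain
        Domain            = $cs.Domain
        CachedLogonsCount = $count
        Source            = $source
        # 0 means a domain controller must be reachable for every domain logon.
        OfflineLogon      = if ($count -eq 0) { 'disabled' } else { 'allowed' }
        WithinBaseline    = ($count -le $MaxAllowed)
    }
}

Get-CachedLogonAudit | Format-List
```

Run it in a PowerShell session on the workstation; a result with `OfflineLogon : allowed` matches the behaviour in the question, where a previously used domain account can still log on while the DC is powered off.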


Also in a domain environment where the user can log into the domain via a number of workstations and on any machine they will have their personal desktop, files, etc. is that roaming profiles? I haven't gotten that far yet in the modules and have always just been curious.

The difference between a local and a roaming profile is quite simple. A local profile basically means all your files and documents are stored on your computer's hard drive. Whereas with a roaming profile, as soon as a user logs off from that computer, all data will be synced/copied to the server. If you move a lot between computers, roaming profiles will be a big advantage to you, since you are not required to copy/move data between computers.

One thing to bear in mind is that roaming profiles do have a tendency of getting corrupted more often than local profiles.


Also, an advantage of roaming profiles is that if you set up Outlook on one machine and they visit another machine, their profile and Outlook settings get downloaded from the server, meaning you don't have to set up their Outlook profile again.

We used roaming profiles at NHS and they helped a lot. The new place I'm at doesn't, and it's a pain having to set up Outlook on any PC someone moves to.
