General discussion

Locked

Machine accounts on BDC

By JustinF ·
My PDC is across a WAN link. If the BDCs are disconnected for an extended period they lose all the information on machine accounts that aren't on their local network. Is there any way of keeping the machine account information locally?

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Machine accounts on BDC

by Skitzizzy In reply to Machine accounts on BDC

Hi,

Try turning database replication off or extending the replication period on the PDC when the BDC's are offline.

Regards,

Andy

Collapse -

Machine accounts on BDC

by JustinF In reply to Machine accounts on BDC

Poster rated this answer

Collapse -

Machine accounts on BDC

by BeerMonster In reply to Machine accounts on BDC

Hi,
Machine account changes are ALWAYS made at the pdc, so if the bdc if off line then obviously it won't pick up those changes - there's nothing you can do about that. The only reason that your bdc's aren't having trouble with local machine accounts is (presumably) because those local machines can't contact the pdc during that time either, and thus can't change their machine account 'password'. I'm guessing that your problem is this - machines from other networks are trying to authenticateagainst bdc's other than the one on their local network and running into problems..?

If I'm on the right track, then there are a couple of things you can try. First of all would be to ensure that connectivity exists between your pdc and bdc's all the time (I presume that's not an option), next you could try telling your machines not to change their passwords - it is open to debate as to exactly how much of a security risk this is, as it only kicks in after the machines have created an initial secure password. Alternatively you could extend the amount of time between password changes for your machine, note that this won't stop your problems, just make them less frequent. All of these options are covered in the technet article

'Effects of Machine Account Replication on a Domain'

To find it go to
www.microsoft.com/technet
and do a search on
Q175468

Hope this helps...

Collapse -

Machine accounts on BDC

by JustinF In reply to Machine accounts on BDC

Poster rated this answer

Collapse -

Machine accounts on BDC

by JustinF In reply to Machine accounts on BDC

This question was closed by the author

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums