Domain Controller authentication

By al
My company is split across two sites with a PDC at one site and a BDC at the other.

Users at the site with the PDC have no problem carrying out monthly password changes; however, those at the site with the BDC are not able to do so at all. They receive the standard MS error message "Unable to change the password for Microsoft Networking because of the following error: The domain controller for this domain cannot be found".

However, the Domain controller must have been found in order to request a password change surely!

On checking the PDC we established synchronisation between PDC and BDC is taking place. We can take users to the BDC and change passwords there. Why then can we not complete this transaction on the user's client PC? A note also: we are using the lmhosts file to establish a link at the BDC site to connect to the PDC (which is additionally a file server for Company information). Does this need re-scripting in some way to resolve the issue? Answers would be greatly received.

Domain Controller authentication

by Bhrdwh In reply to Domain Controller authent ...

By split across two sites, I take it that the PDC & BDC are talking to each other via an ISP link like 128kbps (through the Internet & not cables). Now, after the users at site BDC change their passwords, it's not being synchronized by the PDC. The only reason for this could be the connectivity between the PDC & BDC. I suggest you use manual synchronization by using the NT Admin Tools - Server Manager. Also check for the latest service pack updates (SP6a should be on both). Do let me know if this helped.
Akash

Domain Controller authentication

by Ian Mclaws In reply to Domain Controller authent ...

Not exactly.
Whenever a client makes a password change they can only do it on the PDC. The BDC contains a read only copy of the SAM database that will not allow changes. The BDC processes logons etc, but when clients try to change password, they attempt to contact the PDC. Using an LMHOSTS allows the BDC and PDC to see each other, but that won't help here because the BDC is bypassed completely for changes to the SAM database. You can solve the problem completely by simply adding an entry to ALL clients that enables them to find both controllers (usually done through a logon script).
The entries you need are:

111.111.111.111 servername #PRE #DOM:name of domain

(all on one line, use the tab between values)
Add one for each Domain controller. The #PRE tag causes the entry to be loaded into the NetBIOS name cache, the first place checked for resolution. The #DOM tag identifies a domain controller.
(The other benefit of doing this is that you will notice a decrease in traffic generated at logon; clients have the IP addresses of their DCs without going on the network for resolution!)

Bear in mind that clients will need to go across the WAN link for account changes like password changes no matter what you do; only the PDC can make changes!

Good luck,

Ian
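
A check for the entries described in the reply above, as an added example that is not part of the original thread: it parses an LMHOSTS file and reports any domain controller that has no entry, no #PRE tag, or no matching #DOM tag. The addresses, host names, domain name and function names are constructed placeholders, and only plain unquoted names are handled.

```python
import ipaddress

# Constructed sample file: addresses, host names and domain are placeholders.
SAMPLE = (
    "# constructed LMHOSTS sample\n"
    "192.0.2.10\tPDC01\t#PRE\t#DOM:EXAMPLEDOM\n"
    "192.0.2.20\tBDC01\t#DOM:EXAMPLEDOM\n"
    "192.0.2.30\tFILESRV\t#PRE\t# file server, not a DC\n"
)

def parse_lmhosts(text):
    """Return one dict per host entry; comment and directive lines are skipped."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        entry = {"ip": fields[0], "name": fields[1], "pre": False, "domain": None}
        for tok in fields[2:]:
            # Tags are matched in upper case, as written in the post.
            if tok == "#PRE":
                entry["pre"] = True
            elif tok.startswith("#DOM:"):
                entry["domain"] = tok[5:]
            else:
                break  # anything else starts a trailing comment
        entries.append(entry)
    return entries

def check_dcs(text, domain, expected_dcs):
    """List what would stop a client resolving each expected domain controller."""
    by_name = {e["name"].upper(): e for e in parse_lmhosts(text)}
    problems = []
    for dc in expected_dcs:
        e = by_name.get(dc.upper())
        if e is None:
            problems.append(f"{dc}: no entry")
            continue
        try:
            ipaddress.IPv4Address(e["ip"])
        except ValueError:
            problems.append(f"{dc}: bad address {e['ip']}")
        if len(dc) > 15:
            problems.append(f"{dc}: longer than the 15-character NetBIOS limit")
        if not e["pre"]:
            problems.append(f"{dc}: missing #PRE")
        if (e["domain"] or "").upper() != domain.upper():
            problems.append(f"{dc}: missing or wrong #DOM:{domain}")
    return problems

if __name__ == "__main__":
    for line in check_dcs(SAMPLE, "EXAMPLEDOM", ["PDC01", "BDC01"]):
        print(line)
```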

Domain Controller authentication

by al In reply to Domain Controller authent ...

Ian

Have already created client lmhosts file containing this information, however, this did not fix the problem.

Domain Controller authentication

by al In reply to Domain Controller authent ...

This question was closed by the author
