AD Partitioning

[fernando]

Hi all,
With NDS you can partition your tree and place various
replica's on various servers. So in the case where you
have a network spanning accross a WAN you can place
partition information of one office directly on the
server located in their office so to stop unnessasary
replication of directory information accross limited wan
links.

I believe active directory doesn't have this feature. Am
I right or wrong?

Also, if I had a domain controller on one network and
other offices(connected via wan) had to connect to that
domain controller for authentication and mail services,
considering each office has a local server for
file/print, what would happen to the users if their wan
link went down after authenticating to the domain
controllers? Would they not be able to access files and
print to the local win2003 server that is not a domain
controller, considering the domain controllers are on
another network that has been cut out by the wan link for
say an hour or 2?

If I'm not clear please let me know. I would like to know
if the users can continue working.

Cheers,
Fernando

 

[Joe Richards [MVP]]

Question 1. Yes, the smallest piece you can break out is the domain.

Question 2. The anwer is it depends. Users log on and get a kerberos certificate which by default is good for 10 hours,
if the WAN break occurs in that time frame the users may not even notice. If they have to authenticate, they will
authenticate to their own PC that they have logged onto previously with a cached profile but they may have issues
connecting to the file and print server.