Cached Account unable to access shared folder when DC unavailable

S

Stan

Hello,

I've got a remote office with 5 XP workstations that are unable to
access a shared folder on their local server when the WAN link to the
home office is down and they can't "see" the Domain Controller. Are
there required registry modifications or settings required in the AD
in order to allow this to happen? I thought this was the default
behavior and the purpose behind cached logins (if you can't access any
resources what's the point of caching the login?)

thanks,
Stan
 
H

Herb Martin

That's the correct behavior. Cached credentials are
designed to allow a user to continue to use their own
machine (laptop) while disconnected from the domain,
but not (necessarily) to reach other DOMAIN resources.

Stan said:
I've got a remote office with 5 XP workstations that are unable to
access a shared folder on their local server when the WAN link to the
home office is down and they can't "see" the Domain Controller. Are
there required registry modifications or settings required in the AD
in order to allow this to happen? I thought this was the default
behavior and the purpose behind cached logins (if you can't access any
resources what's the point of caching the login?)
Click to expand...

Nope. The purpose is to let traveling users still logon to the
machine with their domain account.

Remember this:
"Access to domain resources requires domain authentication."
 
S

Stan

Nope. The purpose is to let traveling users still logon to the
machine with their domain account.

Remember this:
"Access to domain resources requires domain authentication."
Click to expand...

Thanks for the info. 66 remote sites and 2 primary locations - we
were hoping to get away with 4 DCs for the company instead of 70, but
it looks like we'll have a full "Domain Controllers" AD container
after all.......
 
H

Herb Martin

Stan said:
Thanks for the info. 66 remote sites and 2 primary locations - we
were hoping to get away with 4 DCs for the company instead of 70, but
it looks like we'll have a full "Domain Controllers" AD container
after all.......
Click to expand...

The key is in that rule I gave you:
IF access to domain resources for the users at those sites is critical
to the COMPANY, then you need to ensure that they can authenticate
by reaching a DC (and probably making it a GC.)

IF you do NOT have "domain resources" at those sites...then some
flexibility is possible since anytime the WAN is down you would lose
the resources if you lost the authentication.

It's a rule that you have a GC at such sites, but if you don't have a
DC (anyway) it's not really a site and IF you are convinced the WAN
is not an issue (performance, bandwidth, AND reliability) you can
consider "breaking the rule" but then you are saying that the WAN
is not an issue when compared to "access to domain resources."

No local resources? Probably don't need a DC.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User Access to a DC 8
Utility to identify DCs 8
OL2007 - determine if shared calendar folder has been cached 1
Unable to local DC ......... URGENT 1
Cannot access shared folder 1
log on with cached credentials and using VPN to access network dri 1
users at remote office cannot access shared dirs in main office... 7
Unable to log on with a domain account 3

Top