Thanks for catching...
What was I thinking, you are correct it is password and account lockout as
well as time sync management for the domain.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jorge de Almeida Pinto [MVP - DS]"
<SubstituteThisWithMyFullNameSeparatedByDots@gmail.com> wrote in message
news:OvCi62t7GHA.2384@TK2MSFTNGP04.phx.gbl...
>> The biggest issue could be the PDCe if you have Windows NT or earlier
>> clients. These client authenticate via the PDCe FSMO role
>
> nope...NT clients can authenticate to ANY DC. However, if nothing is done
> a password change is directed to the PDC FSMO. If the DSClient is
> installed the NT machine can change the password on ANY DC
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Windows Server - Directory Services
>
> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
> ------------------------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no
> rights!
> * Always test before implementing!
> ------------------------------------------------------------------------------------------
> #################################################
> #################################################
> ------------------------------------------------------------------------------------------
> "Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
> news:OnFDdQs7GHA.4368@TK2MSFTNGP04.phx.gbl...
>> The biggest issue could be the PDCe if you have Windows NT or earlier
>> clients. These client authenticate via the PDCe FSMO role. If you don't
>> have any older clients and you are only going to be down for a day or two
>> I wouldn;t give it a second thought.
>>
>> http://support.microsoft.com/default.aspx/kb/197132
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCT, MCSE, MCSA, Security+, BS CSci
>> 2003, 2000 (Early Achiever), NT
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Mahesh.A" <Mahesh.A@discussions.microsoft.com> wrote in message
>> news:3D43FA9A-393C-4EEC-8D6E-952CA0ADA75C@microsoft.com...
>>> Hi
>>>
>>> My self is Mahesh and i have query as below....
>>>
>>> i have 2 Windows 2000 Advanced Servers and configured one as Root DC
>>> and
>>> another one as ADC. These two servers are installed in Microsoft cluster
>>> Environment due to application requirement as application is installed
>>> in
>>> cluster.As a part of preventive action we need to carry failover testing
>>> of
>>> these ytwo Servers to check whether application will work properly from
>>> secondary server if primary server goes down.During this failover
>>> testing we
>>> need to keep Primary server down which is configured as Root DC. Pls let
>>> us
>>> know if there is any problem if we carry failover test without
>>> transferring
>>> FSMO roles.
>>>
>>> Note: All FSMO roles are configured on Primary Server and having Single
>>> Domain and Single Forest.
>>> Both the Servers are installed Configured with GC and DNS Server.
>>
>>
>
>