Thursday, January 20, 2011

HOSTS / LMHOSTS files on XP System in an AD Domain

I have found that within my Active Directory (Windows 2003 Interim), there are 4 DCs and each is a GLOBAL CATALOG SERVER. So in theory any should be able to authenticate users.

I have also found that our XP Clients have lengthy HOSTS and LMHOSTS files (both with the same entries).

My concern is that I had an issue with one of my AD Servers (the one that holds the PDC ROLE) and it was down for a few hours. I think the entries in the HOSTS/LMHOSTS did not help my issue. I was able to swap the roles from this server to one of the alternative ones, though some XP systems still did not want to play nice.

192.168.1.2 "BDC_NT \0x1b" #PRE
192.168.1.2 AD-PDC #PRE #DOM:BDC_NT
192.168.1.3 AD-BDC1 #PRE #DOM:BDC_NT
192.168.1.4 AD-BDC2 #PRE #DOM:BDC_NT
192.168.1.5 AD-BDC3 #PRE #DOM:BDC_NT

Would these entries hinder the users' ability to connect to servers and authenticate with the Global Catalogs when the entry on the first line references the server that went offline? It looks like that would override some if not all of the other Domain Controllers on the network and cause issues with people trying to log into the systems.

Am I close or way off base on this one? I have always been the type to keep really clean HOSTS and LMHOSTS files and let DNS and WINS take care of the resolutions so that systems can change in such a case.

  • Why are you using the hosts/lmhosts files in the first place? That's just begging for problems. If your AD domain is native you should just lose those files and let DNS take care of things.

    Even if it's not native, if your PCs are joined to the domain then there are very few reasons to have a big long hosts/lmhosts file with entries related to the domain they're members of common to all of them.

    Adam M. : It is something that I got handed over. It was a surprise to me and with the issue of the server down it was a nasty thing to find out. I have not used HOST or LMHOST since the days of DOS...
    squillman : @Adam: haha, yeah. Been there :) Toss those bad boys, you'll be happier.
    From squillman
  • The last time I had to use LMHOSTS was to enable NETBIOS logons across subnets for NT systems when we had serious problems with WINS servers that weren't reliable. I can't see any reason at all to have any entries in LMHOSTS on a W2K3 domain with XP clients. The #DOM #PRE entries really are going to mess with the XP clients when you have to carry out any maintenance on your DCs (as you have found out).

    If you have DNS servers then there is no reason whatsoever to have hosts files. There may be some argument for individual use of hosts files but from a SysAdmin perspective you really do not want to have to be worried about the hassle of managing them, especially on client PCs. Hosts files only handle name resolution too, so they are of no use in a domain context if the actual DNS fails: there's no way for the SRV queries that are needed to support domain logons to be handled.

    In short if you have an operational WINS infrastructure and a Windows 2000 (or newer) domain and all your clients are Windows 2000 (or newer) then you should not use hosts or lmhosts files.

    From Helvick
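
An added example, not part of the original thread: a small Python audit that parses LMHOSTS text and reports the entries both answers warn about (`#PRE` preloads, `#DOM:` controller pins, and quoted special names such as the `\0x1b` entry in the question). The function name, the issue labels and the sample text are constructed for illustration.

```python
import re

# Constructed sample that mirrors the entries quoted in the question, plus one plain entry.
SAMPLE = "\n".join([
    '192.168.1.2 "BDC_NT \\0x1b" #PRE',
    "192.168.1.2 AD-PDC #PRE #DOM:BDC_NT",
    "192.168.1.3 AD-BDC1 #PRE #DOM:BDC_NT",
    "# ordinary comment line",
    "192.168.1.9 FILESRV",
])

ENTRY = re.compile(r'^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+("[^"]*"|\S+)(.*)$')
KEYWORD = re.compile(r"#(PRE|DOM:\S+)", re.I)   # case-insensitive so the audit misses nothing
HEXBYTE = re.compile(r"\\0x([0-9a-fA-F]{2})$")  # 16th-byte suffix of a quoted NetBIOS name


def audit_lmhosts(text):
    """Return (line number, IP, issues) for every entry that pins resolution."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue  # blank line, comment, or block directive
        ip, name, rest = m.groups()
        issues = []
        for kw in KEYWORD.findall(rest):
            kw = kw.upper()
            # #PRE preloads the entry into the NetBIOS name cache;
            # #DOM:<domain> marks the host as a controller for that domain.
            issues.append("preloaded" if kw == "PRE" else "dc-pin:" + kw[4:])
        if name.startswith('"'):
            inner = name[1:-1]
            hb = HEXBYTE.search(inner)
            if hb:
                issues.append("special-name:0x" + hb.group(1).lower())
                # The name must be space-padded to 15 characters before the \0xNN suffix.
                if len(inner) - 5 != 15:
                    issues.append("bad-padding")
        if issues:
            findings.append((lineno, ip, issues))
    return findings


if __name__ == "__main__":
    for lineno, ip, issues in audit_lmhosts(SAMPLE):
        print(f"line {lineno}: {ip} -> {', '.join(issues)}")
```

On an XP client the file to feed in is `%SystemRoot%\system32\drivers\etc\lmhosts`. The `bad-padding` flag on the first sample line may only reflect whitespace that collapsed when the entry was pasted into the page.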
