****
*
*
*
*







*
*
                                      
*
*
Windows Server



    

Restartable AD DS :: Restartable Active Directory Domain Service    

*
*

*
*

Restartable AD DS :: Restartable Active Directory Domain Service



Apr
21

Restartable AD DS

Restartable Active Directory Domain Service

 

As taken from: Restartable AD DS Step-by-Step Guide

  http://technet.microsoft.com/en-us/library/cc732714.aspx

You can change the default by modifying the DsrmAdminLogonBehavior registry entry. By modifying the value for that registry entry, you can log on using the DSRM Administrator account in normal startup mode to a domain controller that has AD DS stopped even if no other domain controller is available. You do not need to start the domain controller in DSRM. This can help prevent you from getting inadvertently locked out of a domain controller to which you have logged on locally and stopped the AD DS service. For more information, see Modifying the default logon behavior.

Modifying the default logon behavior

By default, you must start a domain controller in DSRM to log on by using the DSRM Administrator account. However, you can change this behavior by modifying the DSRMAdminLogonBehavior registry entry. By changing the value for this entry, you can configure a domain controller so that you can log on to it with the DSRM Administrator account if the domain controller was started normally but the AD DS service is stopped for some reason.

For example, suppose these actions occur:

1.    You log on to a domain controller locally by using a Domain Admin account.

2.    You stop the AD DS service to perform maintenance.

3.    A password-protected screen saver locks the domain controller.

By default in this situation, you can only unlock the domain controller if another domain controller is available to service the request. To change the default behavior, modify the value of the following registry entry:

HKLM\System\CurrentControlSet\Control\Lsa\DSRMAdminLogonBehavior

 

clip_image001Caution

Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

 

The following table lists the possible values for this entry. The DSRM admin account can always be used to log on to a domain controller in DSRM. This table describes the options for using the DSRM Administrator account to log on when the domain controller is started normally.

 

Value

Description

0 (default for Windows Server 2008)

The DSRM Administrator account cannot be used to log on.

You can only log on to the domain controller with a domain account. This requires an additional domain controller to authenticate the request and working connectivity, name resolution, authentication, and authorization between the local domain controller and the authenticating domain controller.

1

The DSRM Administrator account can be used to log on only when the AD DS service is stopped.

This value can improve functionality by allowing more options for logging on to a domain controller. However, keep in mind that the DSRM Administrator account password is not checked against any password policy.

You might change the entry to this value in a domain that has a single domain controller, or on a domain controller that is on an isolated network, or on one that points to itself or other offline domain controllers exclusively for name resolution.

2

The DSRM Administrator account can be used to log on at any time. Using this value is not recommended because the DSRM Administrator account password is not checked against any password policy.

 

 http://technet.microsoft.com/en-us/library/cc732714.aspx

 



No TrackBacks

TrackBack URL: http://www.skar.us/site/mt-tb.cgi/3209

Leave a comment








*
*

ebhakt
Author Bio          ★★★★★

Author Name:         ebhakt
Author Location:    India
Author Rank:          Writer
Author Status:        
The Green leave stands!!


*
*
*
*
****



*****



    Desktop
  • eBooks
  • Games
  • Softwares
  • Tools
  • Tweaks
  • Wallpapers
  • Warez
    PDA
  • Games
  • Tools
  • Wallpapers
    System Administration
  • dll Center
  • Scripts
  • Tools
  • .extensions database
  • Write-up
    more...
  • Download Database
  • Jobs
  • Lists
  • Polls
  • Glossary

01000011 01110010 01100001 01100011 01101011 01111010 01101000 01100001 01100011 01101011