
JoeSchmoe007
Premium
join:2003-01-19
Brooklyn, NY
Reviews:
·Optimum Online
·Callcentric
·Verizon FiOS

Need detailed information about working disconnected from do

I am looking into setting up a Windows domain environment at home for personal use. Mostly to be able to get familiar with enterprise technologies that require domain authentication.

The plan is to have 1 server running Windows Server 2012 Standard Edition. It will be the domain controller and will also host some services and a couple of VMs. The VMs will also run Windows Server 2012 and will be members of that domain.

I use a laptop as my workstation and sometimes work from remote locations. I would like to add the laptop to the domain but I don't completely understand (and couldn't find a detailed document from Microsoft) the implications of working on a computer joined to a domain when the domain controller is not available.

All I figured out so far is that if you ever logged in to a computer with domain credentials they become cached locally and you are supposed to be able to log in using domain credentials even if the domain is not available. But what if I have some services running on my laptop under some other domain account? What happens to them?

Are domain credentials only cached for some limited period of time? Are there any other implications?

I guess what I am looking for is some kind of knowledge base article from Microsoft that describes in detail all implications of working disconnected from the domain.

Does anyone know of such an article?



craig70130
Premium
join:2004-04-27
New Orleans, LA

Don't know about an article like you requested but I've had customers take their domain-joined laptops out of the office and use their domain credentials for 6+ months in the past without problems.



izy
Premium,MVM
join:2000-09-21
endless loop
kudos:2
reply to JoeSchmoe007

There are no implications.


JoeSchmoe007
Premium
join:2003-01-19
Brooklyn, NY
Reviews:
·Optimum Online
·Callcentric
·Verizon FiOS

said by izy:

There are no implications.

I posted on another forum as well, and there are implications. Only interactive login credentials are cached. So if an application is set up to run as a Windows service running under a domain account it will fail to start. This is something that is very important to me.

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
reply to JoeSchmoe007

there is a default cache set, but you can change that.

»support.microsoft.com/kb/172931

»windowsitpro.com/windows/domain-···-caching

how is your (1) 2012 server going to be a dc and host VMs? are you going to run hyper-v?

if so, i recommend leaving the 2012 server as is (don't make it a DC), install hyper-v, create a vm server, make that your DC.

create another vm with a client OS...windows7/8 and use RDP on your laptop to login to that vm PC that can be the client OS you test with.

you shouldn't have any problems with the local cache if you decide to use your laptop, but since this is just for testing/lab purposes, it would allow you to keep your laptop as is. it isn't a big deal joining to a domain and back to a workgroup, just another option...
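
Added example, not part of any post in this thread: a PowerShell check for the two things discussed above, the cached-logon count setting and which services on the laptop are configured to log on with a domain account (the ones reported above as failing to start without a domain controller). `Test-DomainServiceAccount` is a hypothetical helper name, and `CONTOSO`, `LAPTOP01` and `sqlsvc` are constructed sample values.

```powershell
# Added example, not from the thread. Run on the domain-joined Windows laptop.
function Test-DomainServiceAccount {
    # Hypothetical helper: true when a service "Log On As" name refers to a domain
    # account rather than a built-in identity or an account local to this computer.
    param([string]$StartName, [string]$ComputerName = $env:COMPUTERNAME)

    if ([string]::IsNullOrWhiteSpace($StartName))          { return $false }  # no account recorded
    if ($StartName -eq 'LocalSystem')                      { return $false }
    if ($StartName -match '^(NT AUTHORITY|NT SERVICE)\\')  { return $false }  # built-in / virtual accounts
    if ($StartName -match '^[^\\@]+@[^\\@]+$')             { return $true }   # UPN form: user@domain
    if ($StartName -match '^(?<scope>[^\\]+)\\') {
        # ".\user" and "COMPUTER\user" are local accounts; any other prefix is a domain
        return ($Matches.scope -ne '.' -and $Matches.scope -ne $ComputerName)
    }
    return $false
}

# Constructed sample names showing how each form is classified
'LocalSystem', 'NT AUTHORITY\NetworkService', 'NT Service\MSSQLSERVER',
'.\sqlsvc', 'LAPTOP01\sqlsvc', 'CONTOSO\sqlsvc', 'sqlsvc@contoso.local' |
    ForEach-Object {
        [pscustomobject]@{
            StartName     = $_
            DomainAccount = Test-DomainServiceAccount $_ 'LAPTOP01'
        }
    } | Format-Table -AutoSize

# Cached interactive logons: stored as a string value; if absent, the OS default applies
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cached = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount `
            -ErrorAction SilentlyContinue).CachedLogonsCount
"CachedLogonsCount = $(if ($null -ne $cached) { $cached } else { '(not set)' })"

# Live inventory: services on this machine that log on with a domain account
Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-DomainServiceAccount $_.StartName } |
    Sort-Object StartMode, Name |
    Select-Object Name, DisplayName, StartMode, State, StartName |
    Format-Table -AutoSize
```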


JoeSchmoe007
Premium
join:2003-01-19
Brooklyn, NY
Reviews:
·Optimum Online
·Callcentric
·Verizon FiOS

said by tomdlgns:

there is a default cache set, but you can change that.

»support.microsoft.com/kb/172931

»windowsitpro.com/windows/domain-···-caching

how is your (1) 2012 server going to be a dc and host VMs? are you going to run hyper-v?

if so, i recommend leaving the 2012 server as is (don't make it a DC), install hyper-v, create a vm server, make that your DC.

create another vm with a client OS...windows7/8 and use RDP on your laptop to login to that vm PC that can be the client OS you test with.

you shouldn't have any problems with the local cache if you decide to use your laptop, but since this is just for testing/lab purposes, it would allow you to keep your laptop as is. it isn't a big deal joining to a domain and back to a workgroup, just another option...

Going back and forth between domain and workgroup is sort of a big deal. In addition to non-interactive logons not being cached there will also be 2 different user profiles with different locations for documents, app data, etc.

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1

yeah, don't join/remove each day, i meant one or two times during testing wouldn't be an issue.

yes, there would be two profiles (domain and local).

are you testing or not? decide that first.


JoeSchmoe007
Premium
join:2003-01-19
Brooklyn, NY
Reviews:
·Optimum Online
·Callcentric
·Verizon FiOS

said by tomdlgns:

yeah, don't join/remove each day, i meant one or two times during testing wouldn't be an issue.

yes, there would be two profiles (domain and local).

are you testing or not? decide that first.

Ideally I would like to join a domain and stay in domain. It would be beneficial to run SQL Server services under the same domain account on desktop and laptop so that they both can easily authenticate between each other. However, when I am disconnected from domain all SQL Server services on my laptop will not even start.


workablob

join:2004-06-09
Houston, TX
kudos:3
Reviews:
·Comcast
reply to tomdlgns

said by tomdlgns:

there is a default cache set, but you can change that.

»support.microsoft.com/kb/172931

»windowsitpro.com/windows/domain-···-caching

how is your (1) 2012 server going to be a dc and host VMs? are you going to run hyper-v?

if so, i recommend leaving the 2012 server as is (don't make it a DC), install hyper-v, create a vm server, make that your DC.

create another vm with a client OS...windows7/8 and use RDP on your laptop to login to that vm PC that can be the client OS you test with.

you shouldn't have any problems with the local cache if you decide to use your laptop, but since this is just for testing/lab purposes, it would allow you to keep your laptop as is. it isn't a big deal joining to a domain and back to a workgroup, just another option...

I have experience running all my servers in VMware on a 2003 server.

I ran for a while with VM DCs and that was not good.

You want the DC up and servicing requests before the VMs boot.

Otherwise they can't hit the domain until the VM DC boots.

This causes services to fail to start on the VMs, like Exchange or SQL, that might start using a domain account.

Sure, you can delay the boot of the other VMs until the DC has time to come online but it has worked much better for me to have physical DCs that are ready and waiting for the VMs when they come online.

YMMV.

Blob
--
I may have been born yesterday. But it wasn't at night.

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
reply to JoeSchmoe007

gotcha, i misread your original post. when i read that you want to get familiar with a domain environment, i took it as this being for a lab/test...my mistake.


tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
reply to workablob

yeah, having the physical DC is nice, but i wouldn't run a physical server as the DC with hyper-v on top. going to my post above, i thought this was for a lab/test, a virtual DC would have been fine.

for what he is doing it shouldn't be an issue, many people have their only DCs as virtual machines. personally, i wouldn't do that, but i suppose as long as you have a virtual DC on another host you should be ok (if a failure occurs). there are a lot of ways to build redundancy/get around that issue.


JoeSchmoe007
Premium
join:2003-01-19
Brooklyn, NY
Reviews:
·Optimum Online
·Callcentric
·Verizon FiOS
reply to workablob

said by workablob:

said by tomdlgns:

there is a default cache set, but you can change that.

»support.microsoft.com/kb/172931

»windowsitpro.com/windows/domain-···-caching

how is your (1) 2012 server going to be a dc and host VMs? are you going to run hyper-v?

if so, i recommend leaving the 2012 server as is (don't make it a DC), install hyper-v, create a vm server, make that your DC.

create another vm with a client OS...windows7/8 and use RDP on your laptop to login to that vm PC that can be the client OS you test with.

you shouldn't have any problems with the local cache if you decide to use your laptop, but since this is just for testing/lab purposes, it would allow you to keep your laptop as is. it isn't a big deal joining to a domain and back to a workgroup, just another option...

I have experience running all my servers in VMware on a 2003 server.

I ran for a while with VM DCs and that was not good.

You want the DC up and servicing requests before the VMs boot.

Otherwise they can't hit the domain until the VM DC boots.

This causes services to fail to start on the VMs, like Exchange or SQL, that might start using a domain account.

Sure, you can delay the boot of the other VMs until the DC has time to come online but it has worked much better for me to have physical DCs that are ready and waiting for the VMs when they come online.

YMMV.

Blob

I was thinking exactly the same thing even though I haven't tried it.


workablob

join:2004-06-09
Houston, TX
kudos:3
Reviews:
·Comcast
reply to tomdlgns

said by tomdlgns:

yeah, having the physical DC is nice, but i wouldn't run a physical server as the DC with hyper-v on top. going to my post above, i thought this was for a lab/test, a virtual DC would have been fine.

for what he is doing it shouldn't be an issue, many people have their only DCs as virtual machines. personally, i wouldn't do that, but i suppose as long as you have a virtual DC on another host you should be ok (if a failure occurs). there are a lot of ways to build redundancy/get around that issue.

I may revisit doing the DC on a VM again but it was killing me so I just went with physical.

It's been working great for several years now.

Blob
--
I may have been born yesterday. But it wasn't at night.

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1

i have dc-1 and dc-2 running as VMs, but...

-it is a hardware cluster (2 hosts)
-dc-1 is on its own LUN
-dc-2 is on its own LUN
-it is a lab/test environment


AsherN
Premium
join:2010-08-23
Thornhill, ON

I have a geographically diverse setup. 7 clusters. 25 VMware hosts, 100+ VMs, 10 DCs. I do not have a single physical DC and never had an issue. Don't know about Hyper-V, but VMware lets you specify the VM power up order.


tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1

that is a pretty slick home setup