Jump to content

Domain controller fail

Valentin17
By Valentin17
in Servers, NAS, and Home Lab
 Share
Posted

My DC based on Ubuntu Server 16.04. has failed. I now that I can not create new users, change passwords etc.

But my question is this. Would PCs that are members of that domain be able to login to their PCs for unlimited time (days, months)?

I pointed my DHCP server to old DNS server and everything is working without any problems.

 

Would there be any surprises in the future?

 

Thank you very much for all your help. 😃

Link to comment
https://linustechtips.com/topic/1540921-domain-controller-fail/
Share on other sites
Link to post
Share on other sites
Posted

If anybody besides you is using this domain, you will be surprised how often people forget their password. "In theory" you can keep logging in indefinitely (if the passwords did not have expiration) in practice it just takes one unexpected event to bring your whole operation down.

Link to comment
https://linustechtips.com/topic/1540921-domain-controller-fail/#findComment-16206555
Share on other sites
Link to post
Share on other sites
Posted
  • Author
20 minutes ago, thevictor390 said:

If anybody besides you is using this domain, you will be surprised how often people forget their password. "In theory" you can keep logging in indefinitely (if the passwords did not have expiration) in practice it just takes one unexpected event to bring your whole operation down.

I am a domain admin, my passwords for all accounts are stored in a secure place.

What do you mean by this "practice it just takes one unexpected event to bring your whole operation down"? Any example.

Thanks. 😄

Link to comment
https://linustechtips.com/topic/1540921-domain-controller-fail/#findComment-16206588
Share on other sites
Link to post
Share on other sites
Posted
3 minutes ago, Valentin17 said:

I am a domain admin, my passwords for all accounts are stored in a secure place.

What do you mean by this "practice it just takes one unexpected event to bring your whole operation down"? Any example.

Thanks. 😄

Windows could just one day decide to start telling you "we can't sign you in with this credential because your domain isn't available" or "The trust relationship between this workstation and the primary domain failed" or whatever other random common error you get with domains, and you won't have a way to resolve it.

Link to comment
https://linustechtips.com/topic/1540921-domain-controller-fail/#findComment-16206593
Share on other sites
Link to post
Share on other sites
Posted
  • Author
7 minutes ago, thevictor390 said:

Windows could just one day decide to start telling you "we can't sign you in with this credential because your domain isn't available" or "The trust relationship between this workstation and the primary domain failed" or whatever other random common error you get with domains, and you won't have a way to resolve it.

I was afraid of this. That's what I meant when I asked for advice.

What could i do at this point with my PCs? Can i leave a domain without a DC?

Link to comment
https://linustechtips.com/topic/1540921-domain-controller-fail/#findComment-16206605
Share on other sites
Link to post
Share on other sites
Posted

Are your PCs Windows clients? Typically Windows will keep AD user credentials cached indefinitely by default, unless you defined a limit in GPO/registry. However, I have had experiences in the past where a Windows Update would wipe out the cached creds and the user will have to connect back to the domain network to log in and cache again. I've seen it happen many times (I used to support WFH users at a large org that didn't yet have a cloud presence for WFH users).

 

You can remove a PC from a domain while inaccessible. Just go into system preferences and set yourself back to a workgroup. It may prompt for credentials but you can just put in anything since it won't actually authenticate against anything.

 

If your PCs are Ubuntu clients, then I apologize I don't have much working experience in that scenario.

Link to comment
https://linustechtips.com/topic/1540921-domain-controller-fail/#findComment-16208538
Share on other sites
Link to post
Share on other sites
Posted
  • Author
10 hours ago, Egon3 said:

Are your PCs Windows clients? Typically Windows will keep AD user credentials cached indefinitely by default, unless you defined a limit in GPO/registry. However, I have had experiences in the past where a Windows Update would wipe out the cached creds and the user will have to connect back to the domain network to log in and cache again. I've seen it happen many times (I used to support WFH users at a large org that didn't yet have a cloud presence for WFH users).

 

You can remove a PC from a domain while inaccessible. Just go into system preferences and set yourself back to a workgroup. It may prompt for credentials but you can just put in anything since it won't actually authenticate against anything.

 

If your PCs are Ubuntu clients, then I apologize I don't have much working experience in that scenario.

My PCs are all Windows 10. Thanks. 😄

Link to comment
https://linustechtips.com/topic/1540921-domain-controller-fail/#findComment-16208917
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Servers, NAS, and Home Lab

×