Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Exchange
2000.active.directory
2000.admin
2000.announcements
2000.app.conversion
2000.applications
2000.clients
2000.clustering
2000.connectivity
2000.development
2000.documentation
2000.general
2000.information.store
2000.interop
2000.kms
2000.misc
2000.protocols
2000.realtime.collabo.
2000.setup
2000.transport
2000.win2000
admin
application.conversion
applications
clients
clustering
connectivity
design
development
misc
mobility
setup
tools
  
 
date: Wed, 4 Jan 2006 07:27:02 -0800,    group: microsoft.public.exchange2000.active.directory.integration        back       


problem after removing AD from Exchange box    
Hi,
I had 3 DCs (2000 server), which one of them was my Ex2000 box, so I decided 
to take the AD off this server. Now People from remote sites (VPN) have to 
enter their ID and password every time they open the Outlook. Before taking 
off AD they could open Outlook without any authentication. They are coming 
from different domain however they have the same ID and password on both 
domains. So can someone help me to fix this problem? Another thing people 
could use OWA without adding domain name but now everyone has to use 
domain-name\user in order to use web access. Is there any solution for this, 
too? Non of the operation masters was on exchange box however all three 
servers were GC server.

Thanks in advance for any help-Rob
date: Wed, 4 Jan 2006 07:27:02 -0800   author:   Rob

Re: problem after removing AD from Exchange box    
I'm not sure that you can change this behavior. In Windows 2003 Server and 
Windows XP, the operating system on the client side was locked down in such 
a way that it is no longer possible to authenticate to a separate domain 
even if your username and password were identical. A Windows 2000 and 
earlier client does not have this restriction. You may notice that some of 
your clients with this version see no difference in behavior.

It appears that having the DC on your Exchange server somehow allowed you to 
bypass the locked down behavior. Without confirming I will speculate the 
reason for this. In this scenario, (which is generally not recommended for 
Exchange deployments anyway) the Exchange server has only one directory. 
Domain controllers do not have local SAM accounts. When your Exchange server 
became a member server, it has 2 directories that it is aware of. One is 
Active directory, the other is the machine local users. This probably has a 
lot to do with the prompting. It no longer knows if you are trying to 
authenticate to AD or to a local account.

I would recommend that you either consolidate your directories into the same 
forest or set up a "trust" relationship and eliminate the duplicate user 
accounts. Once you do this the unnecessary prompts should go away and you 
should get the behavior you desire.

-- 
Please do not send email directly to this alias. This alias is for newsgroup 
purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights.


"Rob"  wrote in message 
news:243CB4C3-DF23-41D1-ACD1-55113F98E864@microsoft.com...
> Hi,
> I had 3 DCs (2000 server), which one of them was my Ex2000 box, so I 
> decided
> to take the AD off this server. Now People from remote sites (VPN) have to
> enter their ID and password every time they open the Outlook. Before 
> taking
> off AD they could open Outlook without any authentication. They are coming
> from different domain however they have the same ID and password on both
> domains. So can someone help me to fix this problem? Another thing people
> could use OWA without adding domain name but now everyone has to use
> domain-name\user in order to use web access. Is there any solution for 
> this,
> too? Non of the operation masters was on exchange box however all three
> servers were GC server.
>
> Thanks in advance for any help-Rob
>
date: Wed, 4 Jan 2006 16:13:10 -0800   author:   Matt Kuzior [MSFT]

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us