HOSTS / LMHOSTS files on XP System in an AD Domain

Tags: active-directory, hosts, windows-server-2003, windows-xp

I have found that within my Active Directory (Windows 2003 Interim), there are 4 DCs and each is a Global Catalog server. So in theory any of them should be able to authenticate users.

I have also found that our XP clients have lengthy HOSTS and LMHOSTS files (both with the same entries).

My concern is that I had an issue with one of my AD servers (the one that holds the PDC role) and it was down for a few hours. I think the entries in the HOSTS/LMHOSTS files did not help my issue. I was able to swap the roles from this server to one of the alternative ones, though some XP systems still did not want to play nice.

192.168.1.2 "BDC_NT \0x1b" #PRE
192.168.1.2 AD-PDC #PRE #DOM:BDC_NT
192.168.1.3 AD-BDC1 #PRE #DOM:BDC_NT
192.168.1.4 AD-BDC2 #PRE #DOM:BDC_NT
192.168.1.5 AD-BDC3 #PRE #DOM:BDC_NT

Would these entries hinder the users' ability to connect to servers and authenticate with the Global Catalogs when the entry on the first line references the server that went offline? It looks like that would override some if not all of the other Domain Controllers on the network and cause issues with people trying to log into the systems.

Am I close or way off base on this one? I have always been the type to keep really clean HOSTS and LMHOSTS files and let DNS and WINS take care of the resolutions so that systems can change in such a case.

Best Answer

Why are you using the hosts/lmhosts files in the first place? That's just begging for problems. If your AD domain is native you should just lose those files and let DNS take care of things.

Even if it's not native, if your PCs are joined to the domain then there are very few reasons to have a big long hosts/lmhosts file with entries related to the domain they're members of common to all of them.
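The following is an added example, not part of the original question or answer: a small LMHOSTS parser that lists the entries pinning domain-controller lookups to fixed IPs (`#DOM:` lines and `\0x1b`/`\0x1c` names) and marks those pointing at a server known to be down. The function names and the `offline_ips` input are assumptions made for illustration; the sample is the question's entries plus one constructed non-DC line.

```python
import re

# Constructed sample: the entries quoted in the question plus one non-DC line.
SAMPLE = r'''192.168.1.2 "BDC_NT \0x1b" #PRE
192.168.1.2 AD-PDC #PRE #DOM:BDC_NT
192.168.1.3 AD-BDC1 #PRE #DOM:BDC_NT
192.168.1.4 AD-BDC2 #PRE #DOM:BDC_NT
192.168.1.5 AD-BDC3 #PRE #DOM:BDC_NT
# plain comment line
192.168.1.50 FILESRV # constructed non-DC entry
'''

ENTRY = re.compile(r'^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(?:"([^"]*)"|(\S+))(.*)$')
SUFFIX = re.compile(r'\\0x([0-9a-fA-F]{2})\s*$')
# NetBIOS 16th-byte values that mark domain roles.
ROLE_SUFFIX = {0x1B: "domain master browser (PDC)", 0x1C: "domain controllers group"}

def parse_lmhosts(text):
    """Return one dict per mapping line: ip, name, suffix, preload, domain."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # blank line, comment, or a directive such as #INCLUDE
        ip, quoted, bare, rest = m.groups()
        name, suffix = (quoted if quoted is not None else bare), None
        sm = SUFFIX.search(name)
        if sm:  # "NAME \0xNN" form: split off the special 16th byte
            suffix, name = int(sm.group(1), 16), name[:sm.start()].rstrip()
        preload, domain = False, None
        for tok in rest.split():
            if tok.upper() == "#PRE":
                preload = True
            elif tok.upper().startswith("#DOM:"):
                domain = tok[5:]
            elif tok.startswith("#"):
                break  # anything else after '#' is treated as a comment here
        entries.append(dict(ip=ip, name=name, suffix=suffix, preload=preload, domain=domain))
    return entries

def pinned_dc_entries(text, offline_ips=()):
    """Entries that pin DC lookups to an IP; 'stale' if that IP is offline."""
    out = []
    for e in parse_lmhosts(text):
        if e["domain"] or e["suffix"] in ROLE_SUFFIX:
            e["role"] = ROLE_SUFFIX.get(e["suffix"], "#DOM domain controller")
            e["stale"] = e["ip"] in offline_ips
            out.append(e)
    return out
```

Calling `pinned_dc_entries(SAMPLE, offline_ips={"192.168.1.2"})` marks both the `\0x1b` line and the `AD-PDC` line as stale, which are the two entries that kept pointing at the server that went down.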