What is the User Account System (UAS)?
Luke Kenneth Casson Leighton
lkcl at regent.push.net
Tue Apr 28 23:39:32 GMT 1998
On Wed, 29 Apr 1998, Paul Ashton wrote:
>
> pcc at ntsinc.com said:
> > The more I look into this domain authentication, the more confused I
> > become.
>
> You're not the only one. The only way you get to understand this is
> to disassemble it.
oo, don't say that: disassembly is only legal if it's for interoperability
reasons :-)
> > While reading MS KB Article Q78209, I read:
> >
> > The Netlogon service is executed to replicate the user accounts system
> > (UAS) database between a primary domain controller (PDC), a backup domain
> > controller (BDC), and member servers, and to validate logons to the
> > logical domain the servers are in.
>
> Gobbledygook.
the first part is factually incorrect. \PIPE\NETLOGON is for logins;
\PIPE\samr is for SAM replication. ah, they are referring to
\PIPE\NETLOGON _not_ the [netlogon] share that you load policies and batch
files from.
that's why it's confusing.
> > I am assuming that the user accounts system is referring to the SAM and
> > info in the NetLogon share. I am reading this to be the "domain
> > synchronization of the SAM & other associated domain info" goes to the BDC's
> > (which makes sense) BUT ALSO the member servers?????? Where am I going
> > wrong here? Under what (if any) circumstances do member servers take part
> > in the synchronization of a domain?
>
> I think UAS==SAM here.
that's what i assume, which means the above statement is wrong: \PIPE\samr
is used for sam replication.
> Take a look at the resource kit utility NLTEST.
this gives you information, and it's really for test / understanding
purposes. it doesn't actually do anything useful / critical. for
example, NLTEST sends an LsaAuth command _not_ an LsaAuth2 when doing a
"LsaSamLogon" test.