General discussion


Active Directory - DC - Authentication

By solonow ·
How do you make sure that the remote users that are the part of AD (in different OU) are authenticating against their local domain controller. This Windows 2003 Domain is defined by the subnet that the servers are on. I have to created and configured a site connector to join and synchronise Active Directory between different sites at night. How do they find the nearest domain controller when authenticating ?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

AD Sites and Services

by greyseal96 In reply to Active Directory - DC - ...

Since you've already configured a connector, you probably already know about Active Directory Sites and Services. Here is a little snippet taken from the AD Sites and Services Help File:

"Sites facilitate:

Authentication. When clients log on using a domain account, the logon mechanism first searches for domain controllers that are in the same site as the client. Attempting to use domain controllers in the client's site first localizes network traffic, increasing the efficiency of the authentication process."

So if you have your dc's grouped by site then the clients will look first to the dc's in their site for authentication. Hope that answers your question. If not, post again.

Collapse -

How are offsite DC's found by a client?

by scott.brehm In reply to AD Sites and Services

What is the login mechanism used? Does it start with a broadcast from the client? What happens if there is no DC in the subnet? I have one site with multiple subnets in vlans to isolate broadcast traffic, with DC's running DHCP in a server vlan and use IP helper-addresses in my Cisco router to pass DHCP requests from the client vlans. Does that also aid login's? If not, how does a client locate a DC that is not in broadcast range? We also have small sites on the WAN with no DC's, but no one has been able to tell me how a client in one of those sites finds a DC.

Collapse -

It's all about DNS (aka: SRV Records)

by winwalker In reply to How are offsite DC's foun ...

Related Discussions

Related Forums