General discussion

Locked

Active Directory Domain Controllers

By jbm ·
I have 4 DC's. The first DC built on our domain is in Detroit. We then installed a second DC in Detroit. Owr office then expanded into New York so we installed a third and fourth DC in our NY office. What I have discovered is that users in NY are still authenticating on the Detroit DC's and not the NY DC's? Is there a specific config that has to be implemented at the DC or client system which will have systems authenticate on DC's at there location? Each site has DHCP server and the Detroit office has the WINS server. All DC are running DNS...

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by paul.desjardins In reply to Active Directory Domain C ...

Are you running subdomains for the detroit and new york areas. If you are running separate domains for the detroit and new york (recommended), then you may want to check DNS on the servers located in the subdomain for new york and see if the SRV resource records are pointing to the IPs for your DCs at new york instead of detroit. If DNS is integrated with Active Directory, then when a login request is initiated, the nearest server should answer the resource request with a SRV Resource Record, which should be your DCs at New York. There may be an inconsistency there. It may not be the answer, but it's a good place to start troubleshooting to make sure your configurations are correct.

Collapse -

by lowlands In reply to Active Directory Domain C ...

The DC's is selected based on your site configuration. Make sure you have all your sites and subnets defined properly. That with the answer above should take care of your problem

Collapse -

Global Catalog

by georgej.coakley In reply to Active Directory Domain C ...

You need to make sure the remote DC's are global catalog servers. Go to AD site and services, under servers go to the server, then to NTDS, right click and check the box for global catalog.

Collapse -

windows 2k? or 2003?

by sgt_shultz In reply to Active Directory Domain C ...

<snip>
Windows Server 2003
To configure Windows Server 2003-based domain controllers, use the Net Logon service Group Policy "Priority Set in the domain controller locator DNS SRV Records".
Back to the top
for windows 2000 read the whole article:
How to optimize the location of a domain controller or global catalog that resides outside of a client's site
http://support.microsoft.com/kb/306602/en-us

Collapse -

lowlands is correct...

by CG IT In reply to Active Directory Domain C ...

you define sites and their subnets in Active Directory sites and services. This is for AD replication traffic between sites.

At NY site, you specify your NY office DCs as 1st and 2nd NY users authenticate with, with Detroit DCs listed 3rd and 4th. In case your NY DCs take a dive. You also assign the global Catalog role to your Detroit DCs and make sure the sysvol and netlogin shares are available.

Collapse -

subnets

by Triathlete1981 In reply to Active Directory Domain C ...

if you don't have different subdomains for each site, then it doesn't matter where or how many addt'l dc's you put in. all pc's will look to your original dc for authentication. you have different locations so set up a different subnet and domain for each site. follow other people's advice.

Back to Windows Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums