General discussion

Locked

Authentication

By kevin.pillay ·
We have a W2K network with AD installed. We have multiple offices in SA. Our main office is in JHB. I am currently in PTA. When users log onto the network, they authenticate to different domain controllers through out the country. We have one GlobalCatalogue server which is located in JHB. We do have other offices internationally. Each country has one main office. How do we get users to authenticate to there local servers? Each country is setup as a site, what I suggested is that each branch office be setup as a site but that does not follow our IT policy.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Authentication

by ins413 In reply to Authentication

I think that you may have answered your own question. A global catalog server in each seperate office is the way to go. It will also provide with some fault tolerance, if the server goes down at corp, ALL users will not be able to log on. Microsoft recommends at least one GC per remote site, that doesn't mean you can't have more than one. One thing that comes to mind is, if you are running in mixed mode can't you just add a BDC at each site. There is also a Q article you can look at if youwish, but I would use it as a last resort. The Q article number is Q241789. Let me know which of these solutions you are going with as I am am intereseted.

Good Luck

Norm

Collapse -

Authentication

by kevin.pillay In reply to Authentication

The question was auto-closed by TechRepublic

Collapse -

Authentication

by Joseph Moore In reply to Authentication

So, the users in the USA authenticate to DCs all over the USA, instead of their local DC? And the entire USA is in its own Site?
That is why.
Workstations authenticate to any DC in the Site they belong to. If every single workstation in the USA isin the USA site, than users in PTA might authenticate to the SA DC. It is the Site boundaries that limit authentication.
So, change the IP policy to have each USA office as its own Site. It is a small change, but it will fix your problem.

Here is a URL to a Microsoft white paper on Sites:
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/adsites.asp
(please remove any spaces)

hope this helps

Collapse -

Authentication

by kevin.pillay In reply to Authentication

The question was auto-closed by TechRepublic

Collapse -

Authentication

by kevin.pillay In reply to Authentication

This question was auto closed due to inactivity

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Forums