General discussion

Locked

Domain Authentication

By BobbyT ·
We have a PDC and several BDCs around the United States. For some reason when the PDC goes offline, the users do not authenticate to their local BDC. Is there a way to tell what server a person is authenicating to? Any areas I should look at to determine why users are not authenticating to their local BDC? Thx

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Domain Authentication

by Smurfman In reply to Domain Authentication

Okay here is one place to look, that is if the users are NT workstations, you can go to the PC / Workstation, and choose START -> Programs -> Admin Tools -> NT Diagnostics and choose the network tab that comes up. In there you can see who authenticated the user that signed on. Also, if the PDC was down for a while, it may be out of sync with the BDC's the NETDOM utility from microsoft can help to resync the BDC -> PDC trust relationships. Is the NETLOGON completing successfully in the Event log? Well, good luck, hope this helps.

Smurfman

Collapse -

Domain Authentication

by BobbyT In reply to Domain Authentication

Poster rated this answer

Collapse -

Domain Authentication

by jryorkiv In reply to Domain Authentication

Article I Q150898 How to Display Domain Logon Confirmation in Windows 95/98 and ME.

Also if I remember correctly, you can add a line to Autoexec.bat file and Set
%LogonServer% to a local BDC.

In Windows NT 4.0 you can set a system environment variable stating the %logonserver% of preference.

In Windows NT 4.0 and Windows 2000 Pro you can drop to a command prompt and type Set. this will show you the variable
%logonserver%.

Hope this helps.
All information was pulled from Technet.

Collapse -

Domain Authentication

by BobbyT In reply to Domain Authentication

Poster rated this answer

Collapse -

Domain Authentication

by Bill Cassada In reply to Domain Authentication

In addition to the above make sure your SAM and any other data you need is actually being replicated as it should.

Collapse -

Domain Authentication

by BobbyT In reply to Domain Authentication

Poster rated this answer

Collapse -

Domain Authentication

by kralljd In reply to Domain Authentication

Good answers...

When a client logs on it grabs the first Domain Controller that answers....

Now... depending on how your WAN is setup you could have problems...

How do your clients know where the Domain Controllers are? (name resolution.. WINS/LMhost files DNS/Host files...)
What netbios mode are you using? (Determines the order of NetBios name resolution)
Are you using DHCP or static IP addresses on your clients?

I think that one of the above questions will get you going in the right direction.. and once you are there...

A little tool in the NT 4.0 Server Resource kit... named setprfdc.exe used inside a logon script will at least allow you to set a preffered domain controller for your NT clients....

Collapse -

Domain Authentication

by BobbyT In reply to Domain Authentication

Poster rated this answer

Collapse -

Domain Authentication

by Baziite In reply to Domain Authentication

First check if the BDC is Online ( Pinging it or Mapping a drive etc )This will tell you that the BDC is reachable . Also check on the BDC if it is a member of the same domain as the Offline PDC . Go on your BDC and see if you can logon using the same account you tried on the WKS ( You might have to temporarily permit local logon to the account ). If you can logon then the Account Database exists . Are you using mandatory user profiles which are not replacated to the BDC ? Your Comment can helpme get closer to the problem .

Collapse -

Domain Authentication

by BobbyT In reply to Domain Authentication

Poster rated this answer

Back to Windows Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums