Logging on to Remote DC vs. Own Subnet DC

David Mah

We have several remote offices; because of the number of employees in those
offices we have installed a DC/GC in each. However, it seems that employees
from the main office are logged on to the remote DCs. All DCs are on their
own site/subnet, which I thought was supposed to not let computers from
different subnets log on to other subnets.
How can I prevent the above from happening and make those with certain subnets
log on to the DC on their own subnet?

Our config is Windows 2003 AD.
 
Herb Martin

David Mah said:
We have several remote offices; because of the number of employees in those
offices we have installed a DC/GC in each. However, it seems that employees
from the main office are logged on to the remote DCs. All DCs are on their
own site/subnet, which I thought was supposed to not let computers from
different subnets log on to other subnets.
How can I prevent the above from happening and make those with certain subnets
log on to the DC on their own subnet?

You cannot "prevent" it -- but you can INFLUENCE it.

Did you create your SITES in "Sites and Services"?

If it looks like a separate LAN (across a WAN) and it has
a DC/GC then make it a separate site.

Then right click on each DC and "move" it to the appropriate
Site.

Make sure your clients are using the "nearest" DNS server
and that your DNS is fully replicated. (You might want each
DC/GC to be an AD-Integrated DNS server unless you have
a LOT of DCs.)
 
David Mah

That is exactly what I have done.
All DC/GCs are on their own site, which were created in the Sites and
Services, and all DNSs are AD Integrated. But I still have this problem.
 
Herb Martin

David Mah said:
That is exactly what I have done.
All DC/GCs are on their own site, which were created in the Sites and
Services, and all DNSs are AD Integrated. But I still have this problem.

What problem? (Yes, I know you said they are authenticating
off site but that is BY DESIGN under some circumstances and
how do you know you have "a problem"?)

What DNS settings do the CLIENTS have? Remember that DCs
are DNS CLIENTS too!!!!

Do all DCs have appropriate entries in the DNS _underscore
subdomains, especially the "Site" where they live?

Run DCDiag on each DC and send the output to a text file;
search for FAIL, WARN, ERROR.

IF there is a problem it is likely due to your DCs not having
their NIC set to use themselves as the DNS server, or
incomplete DNS server replication, or (ordinary) clients not
using the right DNS server (local).
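
The DCDiag step from the reply above, as an added Python example that is not part of the original thread: it scans saved DCDiag output for FAIL, WARN and ERROR, groups the hits by DC and test, and records the site each DC is reported under. The sample text is constructed, and its site and server names (MainOffice, DC-MAIN1, DC-BR1) are made up.

```python
import re
from collections import defaultdict

# Constructed sample in the layout dcdiag prints; site and server names are made up.
SAMPLE = """\
Doing primary tests

   Testing server: MainOffice\\DC-MAIN1
      Starting test: Replications
         [Replications Check,DC-MAIN1] A recent replication attempt failed:
            From DC-BR1 to DC-MAIN1
         ......................... DC-MAIN1 failed test Replications
      Starting test: frssysvol
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.
         ......................... DC-MAIN1 passed test frssysvol
"""

SERVER_RE = re.compile(r"^\s*Testing server:\s*(?P<site>[^\\]+)\\(?P<dc>\S+)")
TEST_RE = re.compile(r"^\s*Starting test:\s*(?P<test>\S+)")
FLAG_RE = re.compile(r"fail|warn|error", re.IGNORECASE)

def scan_dcdiag(text):
    """Return (site_by_dc, findings); findings maps (dc, test) -> flagged lines."""
    site_by_dc, findings = {}, defaultdict(list)
    dc = test = None
    for line in text.splitlines():
        m = SERVER_RE.match(line)
        if m:  # header line carries the site the DC object sits in
            dc, test = m["dc"], None
            site_by_dc[dc] = m["site"].strip()
            continue
        m = TEST_RE.match(line)
        if m:
            test = m["test"]
            continue
        if dc and FLAG_RE.search(line):
            findings[(dc, test)].append(line.strip())
    return site_by_dc, dict(findings)

if __name__ == "__main__":
    sites, found = scan_dcdiag(SAMPLE)
    for dc, site in sites.items():
        print(f"{dc}: site {site}")
    for (dc, test), lines in found.items():
        print(f"{dc} / {test}: {len(lines)} flagged line(s)")
        for hit in lines:
            print("   ", hit)
```

Pass it the contents of each text file produced by redirecting DCDiag output; a DC listed under an unexpected site is worth checking alongside any flagged lines.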
 
