workstations crossing network to authenticate

[Guest]

Most of our workstations are going across our network to authenticate in
windows 2000 Server environment using active directory groups and desktop
authority script logic. These users will have a domain controller in their
building, but will go to a different domain controller to authenticate, which
is making this process very slow.

I know in a Windows 2000 environment, there is a load balancing between
domain controllers causing this cross network authentication. My question
is, how can I make a certain workstation always authenticate on one domain
controller instead of it finding which ever one is free?

 

[ptwilliams]

Firstly, you must ensure that your subnets are correct and that you've
properly defined the sites (in AD Sites and Services -dssite.msc).

Once this is done, assuming that each site has at least one GC and DNS
server, then traffic shouldn't go across the WAN. What you're seeing is
likely not a load balancing feature (round-robin and netmask ordering ensure
you get local IP addresses for DCs first) but a misconfiguration.

Check all the sites and subnets. For about three months one of our
customers had an issue like this, and it was down to a typo for one of the
subnets.


However, in answer to your question, you can also tweak the SRV record
weightings so that a particular DC will always respond. You can also
statically stipulate that a client is a member of a specific site. However,
check all the above first (and possibly provide us with a bit more info. on
your environment) and we'll come back to this later.

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 

[Guest]

Thanks Paul,

I reviewed this and we will apply these changes. This should fix the
problem, if not I will be back when we are finished making the changes.