active directory (sub-domain)

P

Pcnetnet

Hi All,
I have big problem on active directory, becuase our company (abc.com)
have sub-domain install to other location(uk,us,cn...) , but we have ERP
system install to HK office (root domain ) with citrix server , so all user
connect to ERP HK office and then user logon to windows use subdomain name
(e.g. uk.abc.com, us.abc.com) . i problem is ,when uk user logon to citrix
(terminal server) use uk.abc.com domain , then this domain name server is uk
office server through VPN connect , if this VPN line is normal , uk user is
no problem on logon , but when the vpn line have probelm ( e.g. disconnect)
all uk user if connect to ERP cannot logon to windows, because uk user
cannot find the domain name server . this is case 1 , case 2 is uk office
name server have server down , user cannot logon to erp , but we have ERP
application have no any error. we have any method success logon to ERP
(citrix server) use uk.abc.com , when the uk domain server is down or vpn
line is down ! Thanks ALL


Thanks,
Patrick
 
A

Anthony

Patrick,
You can solve the DNS problem by making secondaries of all sub-domain zones
on your central DNS servers.
For something as important as your international ERP, you could also keep a
replicated DC for each sub-domain at the centre.
Anthony, http://www.airdesk.co.uk
 
P

Paul Bergson [MVP-DS]

I agree with Anthony. If you have an unreliable network, then you should
consider placing dc's at remote sites for higher reliability.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 
P

pcnetnet

Hi All,
i setup the secondary dns on my side, if the sub-domain server is down
or between root domain and sub-domain the vpn line is down , when uk user
connect internet to our server(root domain) logon , him must be find the
name server ( sub-domain) , so cannot logon ?? right ? how to do when
sub-domain user logon to root domain server is access to root domain logon
or cache the name !
do you have any document or internet link for do this , Thanks ,

Thanks,
Patrick
 
A

Anthony

This sounds like a big enterprise-level system. You probably should have a
DC for each sub-domain at your central site.
Or get a more reliable network. The VPN should not be down that often, so
presumably we are talking about something that happens once or twice a year,
Anthony, http://www.airdesk.co.uk
 
P

pcnetnet

but we have about 10 sub-domain of of our company , then no other i must
install each sub-domain DC in root domain, then in root domain have up to 10
server , and network problem , i afraid the VPN line is down about 3 hour ,
then uk user cannot logon to erp this problem is network problem , but user
can connect to erp server use internet , but cannot logon ,no domain problem
is network problem , my boss don't hope do this , how can i do ????
Thanks,
Patrick
 
P

Paul Bergson [MVP-DS]

I'm really struggling with the language barrier, so I may not understood
your problem.

1) You should have your child domain users all use their dns services at
the location of their site. From what I can figure out, it sounds like they
are using the dns services at the root location. If this is the case, then
each child should have the root zone on their dns server and the root zone
should have all the child zones on that dns server. No additional hardware
would be required.

2) If the name server is down but the child dc server is available, then
the child client will need to point to the root dns server as a secondary on
the clients network dns configuration. The root dns server will again need
to have all child zones on the root dns server.



--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 
P

pcnetnet

Sorry !!!
i mean my company include 4 sub-domain (uk.abc.com,th.abc.com,us.abc.com and
kr.abc.com ) and root domain (abc.com) , all location use IPVPN connect ,
dns server install in each location domain name server , so we have 5 dns
server in domain , my question is , our ERP program run on HK server (root
domain ) through citrix server . if the ipvpn connection and domain server
is normal , other location logon to erp is no problem, but when the ipvpn
connection have problem or logon server is down , the user cannot logon to
yourself domain , e.g. uk user john use erp , when john logon citrix use
choose domain uk.abc.com , is no problem , have one day , the ipvpn or
uk.abc.com domain server is down. user john is cannot logon to erp , but erp
program is no problem . my question is how to do when the vpn connection
and domain server is down , but the user john can logon the erp , Thanks,

Sorry ! maybe my english so poor , Sorry !
 
P

Paul Bergson [MVP-DS]

If John's domain server is down then John can't authenticate to the domain,
so he wouldn't be able to gain access to any domain resources. So there is
nothing you can do. I hope I understand you correctly.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Building Active Directory 1
Trust relationship 1
AD TRUST Between Domains 6
DNS on Active Directory 3
RPC Problems between DC in different sites 1
Trouble Authenticating users from trusted domains 5
Domain controllers 5
NT4 Migration: 2000 vs 2003? 1

Top