authenticating domain controller

johnstep

I have three domain controllers, two are Global Catalog server, how can I
tell which one is the authenticating domain controller? How can I change
the authenticating domain controller to another server that has Active
Directory on it?
 
Simon Geary

You can tell which DC a particular client has authenticated against by
running "set L" at the command line.

The DC used for authentication is determined by the configuration of your AD
Sites & Subnets and in DNS. There is no easy option to force clients to use
a particular DC, although it can be done with some tweaking of the above.
This has more information: http://support.microsoft.com/?id=247811
 
Cary Shultz [A.D. MVP]

In addition to what Simon wrote (about the 'set l' command on the clients),
you would need to look into your Forward Lookup Zone on the DNS Server. Each
Domain Controller record has a couple of values, specifically the Priority
and Weight values.

By default, the Priority value will be [0] for all DNS Servers and the
Weight value will be [100] for all DNS Servers. If you were to want DC01 to
authenticate 4x as many authentication requests as DC02 then you would need
to keep the Priority value at [0] for both of them but change the weight.
DC01 would need to have a value of [80] while DC02 would need to have a
value of [20].

The pecking order is that all clients will authenticate against the DC with
the lowest Priority value. In the case that there are several DCs with the
same value, then the Weight value comes into play.

By default, if you have two Domain Controllers running DNS then there would
be approx. a 50/50 balance. Were you to have three Domain Controllers
running DNS then there would be approx. a 33/33/33 balance.

HTH,

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
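
The Priority and Weight behaviour described in the post above, as an added example that is not part of the original thread: a simulation of the RFC 2782 SRV selection rule (lowest Priority first, weighted random choice within it) over constructed records. The host names and the higher-Priority dc03 are assumptions made for illustration.

```python
import random
from collections import Counter

# Constructed SRV answers for a DC locator query: (priority, weight, target).
# Host names and the fallback dc03 are assumptions made for this example.
WEIGHTED = [
    (0, 80, "dc01.example.test"),
    (0, 20, "dc02.example.test"),
    (10, 100, "dc03.example.test"),
]
DEFAULTS = [(0, 100, "dc01.example.test"), (0, 100, "dc02.example.test")]


def order_targets(records, rng):
    """Order targets as RFC 2782 describes: lowest Priority first,
    weighted random choice among records that share a Priority."""
    ordered = []
    for priority in sorted({p for p, _, _ in records}):
        group = [(w, t) for p, w, t in records if p == priority]
        group.sort(key=lambda r: r[0] != 0)  # zero-weight records go first
        while group:
            pick = rng.randint(0, sum(w for w, _ in group))
            running = 0
            for i, (weight, target) in enumerate(group):
                running += weight
                if running >= pick:
                    ordered.append(target)
                    del group[i]
                    break
    return ordered


def first_choice_share(records, trials=20000, seed=1):
    """Fraction of simulated clients whose first choice is each target."""
    rng = random.Random(seed)
    hits = Counter(order_targets(records, rng)[0] for _ in range(trials))
    return {t: hits[t] / trials for _, _, t in records}


if __name__ == "__main__":
    for name, recs in (("80/20 weights", WEIGHTED), ("default weights", DEFAULTS)):
        print(name, first_choice_share(recs))
```

The higher-Priority record is only reached when every lower-Priority target has been tried, which is why dc03 never appears as a first choice here.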
 
Cary Shultz [A.D. MVP]

Should have added that you need to ensure that you have set up Active
Directory Sites correctly and that you have created the Subnets correctly
and that you have associated each Subnet with the correct Site.

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



 
Guest

Very interesting process. Another question along the same lines:

How will the clients or DCs maintain the balance? Meaning, if a client's
query has resulted in 2 DCs with both the same weight and priority, what is the
mechanism that determines which DC will be used for authentication?

Also, if the DCs are not GCs, is there any relevance or any preference that
a client will choose?

Thanks in advance
--
Patilp

