Force authentication to a specific DC

Tony Turner

In an AD environment with multiple sites, all DCs are 2003, and multiple
DCs at each site, how can I force authentication to a specific domain
controller? The problem is that our "sites" are comprised of several
different subnets for several different physical locations, so when I log on,
I am authenticating on a DC over 30 miles away when I have a valid DC not 10
feet from my desk.

Is there a registry value I can modify to fix this? Would be an easy matter
to deploy a script or policy to make these changes on a widespread basis if
so. And yes, we should probably break up our sites for site-to-site AD
replication to resolve the issue, but at this time that is not an option.
 
Mark Renoden [MSFT]

Hi Tony

Why isn't it an option? This is exactly why AD sites were created. If
they're defined in a way that they correspond to your physical
infrastructure, clients authenticate with physically local DC's.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
John

Hi Tony,
Excuse me, he is asking how to define them in a way that they correspond to a
physical location?
Let's say you have:
Main office: A
1st Site: B
2nd Site: C
3rd Site: D

What is necessary to create a standard connection site?


Andrei Ungureanu

This is the role of the sites in AD.
If you have a preferred DC, you can do some modification in the SRV
records in the DNS. You'll see there priority and weight (correct me if
I'm wrong).

Andrei Ungureanu
www.eventid.net
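
An added illustration of the site lookup discussed in this thread (not code from any poster or from Microsoft): it models how a client's IP address resolves to an AD site and which DCs that makes eligible, before and after splitting one multi-location site. All subnets, site names and DC names are constructed; the model assumes the most specific matching subnet decides the site and that a client on an unmapped subnet may be handed any DC in the domain.

```python
import ipaddress

def client_site(client_ip, subnet_to_site):
    """Site of the most specific (longest-prefix) subnet containing the client, or None."""
    ip = ipaddress.ip_address(client_ip)
    nets = [(ipaddress.ip_network(cidr), site) for cidr, site in subnet_to_site.items()]
    matches = [(net.prefixlen, site) for net, site in nets if ip in net]
    return max(matches)[1] if matches else None

def candidate_dcs(client_ip, subnet_to_site, dc_to_site):
    """DCs the client may be referred to: those in its site, or every DC if it has no site."""
    site = client_site(client_ip, subnet_to_site)
    if site is None:
        return sorted(dc_to_site)
    return sorted(dc for dc, s in dc_to_site.items() if s == site)

def sites_spanning_locations(subnet_to_site, subnet_location):
    """Flag sites whose subnets belong to more than one physical location."""
    seen = {}
    for cidr, site in subnet_to_site.items():
        seen.setdefault(site, set()).add(subnet_location[cidr])
    return sorted(s for s, locs in seen.items() if len(locs) > 1)

# Constructed sample data: where each subnet physically is.
LOCATION = {"10.1.0.0/16": "Office A", "10.2.0.0/16": "Office B",
            "10.0.0.0/8": "Main office"}

# Before: one site covers every location, so every DC is "local" to every client.
BEFORE = {"10.1.0.0/16": "Metro", "10.2.0.0/16": "Metro", "10.0.0.0/8": "Metro"}
BEFORE_DCS = {"DC-A1": "Metro", "DC-B1": "Metro", "DC-HQ": "Metro"}

# After: one site per physical location; the /8 remains as a catch-all.
AFTER = {"10.1.0.0/16": "OfficeA", "10.2.0.0/16": "OfficeB", "10.0.0.0/8": "Main"}
AFTER_DCS = {"DC-A1": "OfficeA", "DC-B1": "OfficeB", "DC-HQ": "Main"}

if __name__ == "__main__":
    client = "10.1.20.15"  # constructed client address in Office A
    for label, subnets, dcs in (("before", BEFORE, BEFORE_DCS),
                                ("after", AFTER, AFTER_DCS)):
        print(label, client_site(client, subnets), candidate_dcs(client, subnets, dcs))
        print(label, "sites spanning locations:",
              sites_spanning_locations(subnets, LOCATION))
```
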
