Force client to authenticate against specific DC

Guest

I have a remote site that has a local DC in that site and I would like to force
all the W2K clients in that site to authenticate to that DC when they log in
to the domain in the morning. Can someone tell me if there is a way or not?

Thanks
 
Herb Martin

Ashraf said:
> I have a remote site that has a local DC in that site and I would like to force
> all the W2K clients in that site to authenticate to that DC

You cannot directly do that, and should not try, but....

> when they log in
> to the domain in the morning. Can someone tell me if there is a way or
> not?

You can and should ENCOURAGE the clients to use the
local DC, which they will if you set up your SITES in
AD Sites and Services.

Clients on a site (an IP among the site's subnets) will
strongly prefer a local DC but attempt to find another
when that one is down, even if they must go offsite.

Do you have your OWN sites defined?

Go into AD Sites and Services.

1) Create the new SITE.

2) Optionally Rename the default first site to
indicate the real name of your main location.

3) Create a SUBNET (or subnets) for each location
and assign each to the proper site

4) Create a SITE LINK from each site to at least one
other site so that all sites are interconnected either
directly or indirectly but so there are no islands
that cannot reach the rest of the sites.
Optionally adjust:
a) Schedule (hours when replication is permitted)
b) Frequency (how often DC can replicate across site links)
c) Cost (only relevant if you have more than one site link
and really only if you have multiple pathways for
replication.)

(Let it all replicate).

5) Move the remote DC to its proper site
(you might run DCDiag on the moved DC to see if it has
updated DNS correctly -- or even stop/start the NetLogon
service on that DC to remind it to re-register with DNS --
if everything goes right, it will list itself in the proper
_SiteName subdomains in your DNS.)

After this whole thing replicates, you will find that local
clients will prefer the "own" local DC in the same site.
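
The five steps above, scripted as an added example (not part of the original post). It assumes a later Windows Server release with the ActiveDirectory PowerShell module and PowerShell remoting, rather than the Windows 2000-era GUI the thread describes; every site name, subnet, DC name and domain below is a placeholder.

```powershell
# Added example. All names are placeholders (assumptions), not values from the thread.
Import-Module ActiveDirectory

$MainSite   = 'HQ'                 # new name for the default first site
$RemoteSite = 'Branch'             # the new remote site
$RemoteNet  = '10.20.0.0/24'       # subnet the remote clients and DC sit in
$RemoteDC   = 'BRANCH-DC1'         # DC physically located at the remote site
$Domain     = 'corp.example.com'

# 1) Create the new site.
New-ADReplicationSite -Name $RemoteSite

# 2) Optionally rename the default first site to the main location's real name.
Get-ADReplicationSite -Identity 'Default-First-Site-Name' |
    Rename-ADObject -NewName $MainSite

# 3) Create the subnet and assign it to the proper site.
#    Clients pick their site from the subnet their IP address falls in.
New-ADReplicationSubnet -Name $RemoteNet -Site $RemoteSite

# 4) Link the sites so no site is an island. Cost and frequency are optional tuning.
New-ADReplicationSiteLink -Name "$MainSite-$RemoteSite" `
    -SitesIncluded $MainSite, $RemoteSite `
    -InterSiteTransportProtocol IP `
    -Cost 100 -ReplicationFrequencyInMinutes 60

# (Let it all replicate before continuing.)

# 5) Move the remote DC into its proper site.
Move-ADDirectoryServer -Identity $RemoteDC -Site $RemoteSite

# Restart NetLogon on the DC so it re-registers its DNS records, then run DCDiag.
Invoke-Command -ComputerName $RemoteDC -ScriptBlock { Restart-Service Netlogon }
dcdiag /s:$RemoteDC

# The DC should now be listed under the site-specific SRV name in DNS.
Resolve-DnsName -Type SRV -Name "_ldap._tcp.${RemoteSite}._sites.dc._msdcs.$Domain"

# On a client in the remote subnet: which site does it think it is in,
# and which DC does the locator return?
nltest /dsgetsite
nltest /dsgetdc:$Domain
```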
 
ptwilliams

The other important thing to remember when localising traffic is to ensure
that there's a local (to the site) DNS server that the local clients point
to (not an absolute need, but 99.9% recommended).

This DC should obviously be a GC too.

There is a way to kind of force preference to one DC over another, but I
won't go into that. Correctly configuring AD Sites (and DNS) will do this
for you ;-)

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 
Guest

I actually thought of moving the domain controller from one site to another,
but I'm a little bit hesitant in doing that. I have two subnets under my sites
and services and both of them are assigned to one Site. I'm planning to
create a new Site and assign it to my remote site subnet and then do a move
for the domain controller that is in the remote site and has an IP address of
the remote site's subnet. Would you think that this will work?
 
ptwilliams

It's fine to move DCs between sites. So, by that logic, it's fine to build
DCs at one site and move them to wherever they're meant to go. There's a
couple of considerations and things you have to do though. I've briefly
discussed this here:
-- http://www.msresource.net/content/view/22/47/


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

 
Guest

Thank you very much for all the help

 
