help with authentication please (desperate)

Guest

Hi, I have posted here before and was told that adding separate sites would
solve this problem. We have two domain controllers in our WAN, and clients
are using either domain controller to authenticate and I want them to only
use their local domain controller. I have taken the previous advice to set
up separate sites but all the network devices are all on the same subnet.
How can I separate these devices into some kind of group that will sort out
this problem? I am sure it would work if they had been on different subnets.
Or if I create a second site and move the appropriate domain controller to
that site, will that solve the problem?

Any help will be much appreciated

Kind Regards
 
Mohammed A. Raslan

As far as I know, you must have different IP subnets to build sites, and if
you build sites, then each client will use the DC that is in its same site.

It seems that you are bridging both sides of the WAN and that's not a good
thing for performance.

Try to add a router at your side that has 2 interfaces, assign one an IP
address from the range you are using now, and assign the second interface an
IP in another subnet, and change your entire subnet IP scheme to match the
second interface of the router, and set the default gateway for the clients
on the other side to the IP of the router's first interface. This can be
done on a Windows Server if you don't want to get near your WAN
configuration.

There is another workaround solution by using DNS, but it's better not to
use it because it will probably need maintenance, that is to create 2 DNS
servers one in each site, configure each side of your WAN to use the DNS
that is in its side, then make one of the DNS servers primary and the other
secondary (make the working one now primary) so that they replicate to each
other and they contain the same data, then after they replicate, change the
one that is secondary to a primary, and adjust the domain SRV record weight
and priority to give high priority to the local DC over the remote DC.

The second way is a long way and it has some drawbacks, it's better to go
with Sites, it's better and clean, and away from Active Directory, it's the
correct solution and better in performance in general.

HTH
--
Yours truly,
Mohammed A. Raslan
Systems Engineer / Consultant
MCSE+I NT4, MCSA: Security , MCSE: Security, MCDBA, CCNA
Mobile: +20 (12) 36 26 112 / +965 978 1969
E-Mail: (e-mail address removed)
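
An added example, not part of the original thread, for the SRV weight and priority adjustment mentioned in the reply above: it orders records by the RFC 2782 rules, where the lowest priority value is tried first and weight only balances records that share a priority. The host names, zone contents and priority/weight values are constructed assumptions, and each side is assumed to resolve against its own zone copy as the reply describes.

```python
import random
from collections import namedtuple

# Constructed sample data: host names and priority/weight values are
# assumptions for illustration, not taken from the thread.
Srv = namedtuple("Srv", "priority weight port target")
DC_A, DC_B = "dc-a.example.local.", "dc-b.example.local."
# Zone copy served on side A: DC-A has the lower (preferred) priority value.
ZONE_SIDE_A = [Srv(0, 100, 389, DC_A), Srv(10, 100, 389, DC_B)]
# Zone copy served on side B: DC-B is preferred.
ZONE_SIDE_B = [Srv(10, 100, 389, DC_A), Srv(0, 100, 389, DC_B)]


def order_srv(records, rng=random):
    """Return targets in the order an RFC 2782 client tries them."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Lowest priority value first; zero-weight records lead each group.
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight != 0)
        while group:
            # Weighted draw: pick the first record whose running sum
            # reaches a uniform random number in [0, total weight].
            pick = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for rec in group:
                running += rec.weight
                if running >= pick:
                    ordered.append(rec.target)
                    group.remove(rec)
                    break
    return ordered


def pick_dc(records, reachable, rng=random):
    """First target in RFC 2782 order that is currently reachable, else None."""
    for target in order_srv(records, rng):
        if target in reachable:
            return target
    return None


if __name__ == "__main__":
    print("side A:", pick_dc(ZONE_SIDE_A, {DC_A, DC_B}))
    print("side B:", pick_dc(ZONE_SIDE_B, {DC_A, DC_B}))
    print("side A, DC-A down:", pick_dc(ZONE_SIDE_A, {DC_B}))
```

Keeping the remote DC in each zone copy at a higher priority value, rather than removing it, is what lets clients still authenticate when the local DC is down.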
 
