Logon Server

[Guest]

We have two domain controllers in our AD environment. I will call these as
DC1 and DC2. The DC2 is located in a site on a slower link and provides
authentication to the user in this site. All other users should authenticate
from DC1. But when I verify using the set cmd on a XP pro PC, I find that the
LOGON server is DC2 instead of DC1. I try setting this on the PC but reboot
and relogon again shows me the wrong logon server. How can I force all the
other users to have the logon server as DC1?

 

[Tomasz Onyszko]

We have two domain controllers in our AD environment. I will call these as
DC1 and DC2. The DC2 is located in a site on a slower link and provides
authentication to the user in this site. All other users should authenticate
from DC1. But when I verify using the set cmd on a XP pro PC, I find that the
LOGON server is DC2 instead of DC1. I try setting this on the PC but reboot
and relogon again shows me the wrong logon server. How can I force all the
other users to have the logon server as DC1?

Do You have sites and subnets created in Your AD - if no create proper
sites for Your physical location and place proper DC in each site, also
configure subnets and assign them to the sites - Your clients shuld use
logon server from their site.

 

[Guest]

Thanks for the quick suggestion
Yes, we have site and subnet defined and there exists a domain contoller in
that site. This site is on slower link. The other main domain controllers are
in the Domain Contollers container under abc.xyz.org. Now each PC has logon
server as the domain controller which is a site DC. I do not want that.
Please let me know the parameter to force this setting on all the PC at once.

Rajeev

 

[Tomasz Onyszko]

Thanks for the quick suggestion
Yes, we have site and subnet defined and there exists a domain contoller in
that site. This site is on slower link. The other main domain controllers are
in the Domain Contollers container under abc.xyz.org. Now each PC has logon
server as the domain controller which is a site DC. I do not want that.
Please let me know the parameter to force this setting on all the PC at once.

There is no such parameter or registry hack - client will choose the DC
based on the link cost - so this is controlled by site and subnets. I
don't know Your AD sites design - are he clients and DC to which You
want to point Your users on the same subnets, and if on different are
this subnets in the same site ? IS this DC placed in this site (check AD
Sites and services)

please describe:
- Your physical sites configuration
- Your AD logical sites and subnets configuration and DC placement in it

 

[Cary Shultz [A.D. MVP]]

Ranjeev,

Have you configured the Active Directory Sites and Services? Meaning, do
you have one Site for location A and the subnet(s) associated with that Site
and then another Site for location B with the subnet(s) associated with that
Site?

This will help things. However, be aware that it is not always the cure-all
as there can be 'generic' records.

HTH,

Cary

 

[Guest]

Thank you all for helping us out. I should have described this in more detail
at the first instance.
-I have this main domain tree, where I have two DCs, DC1 and DC2. All the
users and computers are still in their generic containers. Now, before we
created a site and subnet for the slower link site, everything was alright.
Everyone was pointing to DC1 or DC2.
-For the user group who were on the slower link, we created a site, subnet
and configured a DC3. All these user are having the LOGON server as DC3. This
is the only site I have in my domain tree.
Our problems started after this. I am not worried about the slower link user
for their LOGON server. I am worried about users who ARE NOT on the site
server (1000 users). These users should have LOGON server as DC1 or DC2,
instead they all have DC3 as their LOGON server after site creation. I need
to correct this and need help so that my this 1000 usere point to DC1 and DC2
and NOT to DC3.
DC3 is acting as the primary for all users. Any changes we do, take long to
get replicated to DC1 and DC2 due to the fact the DC3 is on slower link. It
should be the other way.

May be we need to bring the DC3 down for sometime and allow users to gain
the access through DC1 and DC2 and than boot up DC3 and observe again.

Thanks
Rajeev A.