We have a VPN tunnel separating our home network and a
remote facility. On the remote network we have a local
domain controller for local clients, and all our other
DCs are located at the home office. The problem is, when
remote clients authenticate to the network, and get their
IP addresses from the local server, they also try to
authenticate to the home network's DCs too. How can I
prevent unnecessary logon traffic across our VPN, and
keep the remote clients from trying to connect across the
internet? Is there any way to specify a preferred logon
server for my remote clients? I heard that I may need to
prevent replication from my remote server in Sites and
Services, but I am not sure.


Kendall College

Steven L Umbach

Creating a site would certainly help. Sites are physical divisions of your network
based on subnets, and when a site is created, a domain member will try to authenticate
with a DC in its site first. Sites are fairly easy to set up and the default
settings may work fine. Your replication between domain controllers will also be on a
schedule that you can configure to balance your needs between being current and
available bandwidth. You will also want to make your DC at the remote site a global
catalog server. The deployment guide has an excellent chapter on configuring
sites. --- Steve -- read chapter

