Solved

My users are logged in by a DC/GC accross the WAN when a local one is available

Posted on 2003-10-27
9
260 Views
Last Modified: 2010-04-14
Environment -- Windows 2000 Server SP4 (Native)

When some of my corporate office users login they are logged in by a DC/GC that is located in another office accross the WAN...

Why does this occur when we have a local DC/GC at the corporate office???

I think this is somehow related -- Sometimes when Outlook requests data from the exchange server... it requests data from a GC accross the WAN that isn't even an Exchange server!?!?

Can anyone assist with this?

Thanks in advance for your assistance,

Joe
0
Comment
Question by:Joe_C
  • 5
  • 4
9 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 9629883
Check to make sure your subnets are setup correctly in AD Sites and Services.
0
 

Author Comment

by:Joe_C
ID: 9629971
Thanks for your suggesstion...

My environment has one site (corporate-site) with three subnets...

Example of one of my subnets:

192.168.110.0/24 (linked to the corporate site)

I believe I have them setup correctly...

But... you have just made me notice something new!!

When I click on "Corporate-Site" I see the following on the right hand side of the screen...

Servers Folder
Licensing Site Settings
NTDS Site Settings
TS-Enterprise-License-Server

Under the "NTDS Site Settings" properties, I see that one of my branch office servers is the server responsible for the Corporate-Site Inter-Site Topology Generator.

My feeling is that there is something wrong with that... what do you think???

Thanks again,

Joe
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 9633275
Yes, the Inter-Site Topology Generator should be a Domain Controller that resides in the local site.

In other words, a Domain Controller in the "Corporate-Site" should be the Inter-Site Topology Generator for the "Corporate-Site".

Do you have your locations setup as individual sites in AD Sites and Services with their proper subnets setup for each site?  AD Sites and Services will use the subnet information to determine the location of the Domain Controllers based on their IP configuration.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:Joe_C
ID: 9633627
OK, but it will not let me change it... I would have to delete the "NTDS Site Settings" object and then recreate it.  I always get a little uneasy with things like this... Is it reversable?

Would a remote ISTG cause this, or, is it more involved?

I did place a call with Microsoft a while ago and they indicated that I only needed one domain with one site, so I configured my environment as follows (per their recomendation):

I have one site - "Corporate-Site" which consists of the corporate office and two branch offices connected via site to site VPN's.  All FSMO roles are held at the corporate office.  Each branch office has a DC/GC Server running AD Integrated DNS, WINS & DHCP.  Branch office servers have WINS configured to push/pull with a server at the corporate office.  All client computers obtain TCP/IP settings via the local DHCP Server.  All client computers point to a local DNS server as their primary and a corporate DNS server as their secondary.  All DNS servers themselves are configured with a minimum of two forwarders.

Of course, Microsoft could be wrong...

Do you, or, anyone else out there suggest that I break my organization up into multiple sites so that I can set the cost based on subnet? or, (as per Microsoft) should it be ok that I have one site with multiple subnets listed?

Thanks again...
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 9633776
Well that is exactly why some users are being authenticated by DC's in your branch offices.  As far as AD is concerned, all the DC's are in the same local physical site.  If you were to have a site for the corporate office and a site for each branch office with their own local subnet and DC, authentication would then take place at each local physical site.

Not sure though how difficult or what is involved in changing around the site configuration and how it will impact your AD structure.  I would consult Microsoft or someone with more knowledge than myself on how to proceed.

I would setup a site for each physical location. Seems like a better solution than having all in one site...IMHO.

0
 

Author Comment

by:Joe_C
ID: 9636842
Well... I just went ahead and created two more sites and moved the DC's with associated subnets into those sites.  I probably should have consulted someone, but... oh well.

Now I'm just waiting for the KCC to run again so that I can see what it creates... do you know of a way to force the KCC to run?

I'll know tomorrow...

Thanks again!
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 9636883
You can try the below command or just wait for it to take place on its own...

The link is the full article on the repadmin command.

repadmin /kcc <DCname>

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnw2kmag01/html/ForcingADReplication.asp
0
 

Author Comment

by:Joe_C
ID: 9650214
I think I'm good...

Final Resolution:

Corporate-Site = A
Branch-Site1 = B
Branch-Site2 = C

NOTE: This is not a fully routable WAN - There is a VPN between the Corporate Site and each branch, but, not branch to branch (B to C).

So, deleted the DefaultIPSiteLink and created the following Site Links:

A to B Site Link
A to C Site Link

AB to AC Site Link Bridge

And I disabled "Bridge all Site Links" checkbox.

Looks like it's working...

Thanks for all you're help!

Joe
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 9650238
You're welcome, glad to hear its working!

Sounds like you set it up nicely!
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Win 2000 Pro - RDP Connection 2008 R2 Terminal Service 4 535
Just changed my 2000 Server DCs IP now what 3 402
Windows WEb Server sp2 13 520
Active Directory Replication 10 1,139
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question