Solved

Active Directory Authentication

Posted on 2003-11-20
Last Modified: 2010-04-14
Hey everyone
Hopefully this is an easy question, and hopefully someone can give me a simple straight answer.

I got 2 sites in Active Directory, site A and site B.

They are connected to each other using a 256K WAN link.

The domain is arranged A.com and B.A.com.

I am wondering, how do I force clients to authenticate to their local domains?

Cheers :-)
0
Comment
Question by:undyshelts
10 Comments
 
LVL 4

Accepted Solution

by:
chaddupuis earned 50 total points
ID: 9794647
Make sure that each domain controller is a global catalogue server. That should force the client to authenticate at the closest domain controller.
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9797634
If you have two domains, users authenticate to the domain their account is a part of.  If you've got one domain with two AD sites, users should authenticate to the DC in their own site first unless it is unavailable.  
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9798163
Depending on the GC, of course. In order to ensure your clients authenticate to the local server, a DC at each site must be configured as a GC server.
0
 
LVL 4

Expert Comment

by:chaddupuis
ID: 9800112
To add, if a DC is not configured as a global catalogue, it will not authenticate clients at all. (PERIOD)
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9800413
You know, there is one thing we haven't asked about. DNS. It shouldn't be an issue, as this seems to be a straight authentication question/issue.
And while it is a little late, is there any reason for the two separate domains?
Just curiosity, and I realize it's really not any of my business, but with that type of setup, a single domain with separate sites COULD have worked, depending of course on the needs of the business.
0
 
LVL 4

Expert Comment

by:chaddupuis
ID: 9801179
If he has his domains set up this way then DNS is functioning. Also, you should make sure that when you log in you specify username@b for b.a.com and username@a for a.com. This should guarantee that you are at least logging into the correct domain. Now, to make sure that the DC at the local site is processing the authentication request (and not a DC for the same domain at another site), you need to make sure that you have all your sites (in Active Directory Sites and Services) configured correctly and, most importantly, like I already mentioned, you must have that DC specified as a global catalogue server.
0
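The site configuration check mentioned in the comment above, modelled offline as an added example (not code from any poster in this thread): a client is placed in the site of the most specific subnet object containing its IP address, and an unmapped or mis-mapped subnet sends its logons to a DC across the WAN link. The subnet ranges, site names, DC host names and function names are constructed assumptions; only the domain names A.com and B.A.com come from the question.

```python
import ipaddress

# Constructed sample data: subnet objects as they might be defined in
# Active Directory Sites and Services (ranges and site names are assumptions).
SUBNET_TO_SITE = {
    "10.1.0.0/16": "SiteA",
    "10.2.0.0/16": "SiteB",
    "10.2.50.0/24": "SiteA",   # more specific range carved out of SiteB's /16
}

# Constructed sample data: DCs per site, keyed by the domain they serve.
SITE_DCS = {
    "SiteA": {"A.com": ["dc1.A.com"]},
    "SiteB": {"B.A.com": ["dc1.B.A.com"]},
}

def site_for_client(ip, subnets=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def audit_client(ip, domain):
    """Classify where a client of `domain` at `ip` would find a DC."""
    site = site_for_client(ip)
    if site is None:
        return ("NO_SUBNET", None)      # no site mapping: any DC may answer
    local = SITE_DCS.get(site, {}).get(domain, [])
    if not local:
        return ("NO_LOCAL_DC", site)    # logon has to cross the WAN link
    return ("LOCAL", site)

if __name__ == "__main__":
    # Constructed client addresses covering each outcome.
    for ip, dom in [("10.1.4.20", "A.com"), ("10.2.7.9", "B.A.com"),
                    ("10.2.50.8", "B.A.com"), ("192.168.9.5", "A.com")]:
        print(ip, dom, audit_client(ip, dom))
```

On a live domain-joined client, `nltest /dsgetsite` and `echo %LOGONSERVER%` show the site and the DC actually in use.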
 
LVL 1

Author Comment

by:undyshelts
ID: 9828412
thanks chaddupuis... I asked for a simple answer and u were right on the ball.. thank you..
You didn't overwhelm me with Active Directory jargon (which is shocking because I've only started learning AD)..

Thanks again! :-)
0
 
LVL 4

Expert Comment

by:chaddupuis
ID: 9829516
Not a Problem, how did it go by the way?
0
 
LVL 1

Author Comment

by:undyshelts
ID: 9834042
Yeah...
The question was actually for an assignment I had (going towards my qualification).
I ended up understanding how it all works and I got a very good mark for the assignment.. thanks...
0
 
LVL 4

Expert Comment

by:chaddupuis
ID: 9834456
No Problem.
0
