Solved

Active Directory Authentication

Posted on 2003-11-20
10
516 Views
Last Modified: 2010-04-14
Hey everyone
Hopefully this is an easy question, and hopefully somone can give me a simple straight answer

I got 2 sites in active directory, site A and site B.

They are connected to each other using a 256K WAN link

the domain is arranged A.com and B.A.com

I am wondering, how do i force clients to authenticate to their local domains?

Cheers :-)
0
Comment
Question by:undyshelts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 4

Accepted Solution

by:
chaddupuis earned 50 total points
ID: 9794647
Make sure that each domain controller is a global catalogue server. That should force the client to authenticate at the closest domain controller
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9797634
If you have two domains, users authenticate to the domain their account is a part of.  If you've got one domain with two AD sites, users should authenticate to the DC in their own site first unless it is unavailable.  
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9798163
Depending on the GC, of course. In order to insure your clients authenticate to the local server, a DC at each site must be configured as a GC server.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 4

Expert Comment

by:chaddupuis
ID: 9800112
to add, if a DC is not configured as a global catalogue, it will not authenticate clients at all . (PERIOD)
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9800413
You know, there is one thing we haven't asked about. DNS. It shouldn't be an issue, as this seems to be a straight authentication question/issue.
And while it is a little late, is there any reason for the two seperate Domains?
Just curiosity, and I realize it's really not any of my business, but with that type of setup, a single domain, with seperate sites COULD have worked, depending of course on the needs of the business.
0
 
LVL 4

Expert Comment

by:chaddupuis
ID: 9801179
If he has his domains setup this way then DNS is functioning. Also you should make sure that when you login that you specify username@b for b.a.com and username@a for a.com. This should guarantee that you are at least login into the correct domain. Now to make sure that the DC at the local site is processing the authentication request (and not a DC for the same domain at another site) you need to make sure that you have all your sites (in active directory Sites and Services) configured correctly and most importantly, like I alreadymentioned, you must have that DC specified as a globla catalogue server.
0
 
LVL 1

Author Comment

by:undyshelts
ID: 9828412
thanks chaddupuis... I asked for a simple answer and u were right on the ball.. thank you..
You didn't overwhelm me with Active Directory jargon (which is shocking because i've only stated learning AD)..

Thanks again! :-)
0
 
LVL 4

Expert Comment

by:chaddupuis
ID: 9829516
Not a Problem, how did it go by the way?
0
 
LVL 1

Author Comment

by:undyshelts
ID: 9834042
Yeah...
the question was actually for an assignment i had (going towards my qualification).
I ended up understanding how it all works and i got a very good mark for the assignment.. thanks...
0
 
LVL 4

Expert Comment

by:chaddupuis
ID: 9834456
No Problem.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Originally, this post was published on Monitis Blog, you can check it here . Websites are getting bigger and more complicated by the day. Video, images and custom fonts are all great for showcasing your product or service. But the price to pay in…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question