Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Computers are using the wrong Domain Controllers.

Posted on 2003-12-11
6
799 Views
Last Modified: 2010-03-19
We have 20 campuses, and a district office. The Primary DC is at the district office, and each campus has its own backup DC, and at least 2 T1 lines running to the district office. We are running all XP pro clients and win 2003 servers in native mode. We have had problems with group policies being pushed down from the DCs. We think it is caused by latency in the wan links. When I run the “set” command and “gpresult” command I find that computers at my campus are using the DCs from other campuses. None of them are using the local DC or the primary DC at the district office. Is there a way to force the clients to use the local DC for logon and group policies?  Why wouldn't they use the local DC by default?
0
Comment
Question by:masterface
  • 3
  • 3
6 Comments
 
LVL 10

Expert Comment

by:BloodRed
ID: 9925120
I posted about it in your other thread, but how are your sites and site links configured?
0
 

Author Comment

by:masterface
ID: 9926056
I have 16 subnets/Vlans at my site; district wide there must be over a hundred. My site is 10.23.0.0 255.255.255.0. All switches in the IDFs are run with fiber to the core switch in the MDF. The District office is 10.1.0.0. 255.255.255.0, other schools follow the same 10.X.0.0 255.255.255.0. All of my servers, switches and router are on 10.23.1.X. My router has IP helper-address running to forward broadcasts to the DHCP server, and occasionally I have it forward PXE broadcasts to my Altiris server for initial deployment. I just don’t know why clients would cross the WAN to the District Office, and then cross another WAN to another school and use their DC.

0
 

Author Comment

by:masterface
ID: 9943523
I think this is happeing because our domain only has one site in AD sites and services. It is just the default-first-site-name.
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 10

Accepted Solution

by:
BloodRed earned 500 total points
ID: 9944657
Yeah, that could do it.  With only the default site configured, clients will try to authenticate to the DC with the highest DNS SRV record priority, which is probably not the one closest to them.  Defining sites is a way to tell AD that two there is a slow link between one location and another, or that you simply want them to look to a certain DC/GC first, clients will try to authenticate to the DC in their site to avoid authenticating across a slower WAN link.  If the DC/GC in the site fails, clients will authenticate to either the hub site's DC or another pre-configured site's DC depending on your configuration.  This prevents a client in one remote site from trying to authenticate to a DC/GC in another remote site, since that wouldn't exactly be efficient.  Here's an MS KB article that describes how AD sites tie into authentication, and how to configure the authentication to suit your needs.

http://support.microsoft.com/?kbid=306602
0
 

Author Comment

by:masterface
ID: 9965839
Well, we setup AD sites and it worked. Folder redirection works every time now too.
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9966609
Glad to hear it's working for you!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question