Solved

Computers are using the wrong Domain Controllers.

Posted on 2003-12-11
6
806 Views
Last Modified: 2010-03-19
We have 20 campuses, and a district office. The Primary DC is at the district office, and each campus has its own backup DC, and at least 2 T1 lines running to the district office. We are running all XP pro clients and win 2003 servers in native mode. We have had problems with group policies being pushed down from the DCs. We think it is caused by latency in the wan links. When I run the “set” command and “gpresult” command I find that computers at my campus are using the DCs from other campuses. None of them are using the local DC or the primary DC at the district office. Is there a way to force the clients to use the local DC for logon and group policies?  Why wouldn't they use the local DC by default?
0
Comment
Question by:masterface
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 10

Expert Comment

by:BloodRed
ID: 9925120
I posted about it in your other thread, but how are your sites and site links configured?
0
 

Author Comment

by:masterface
ID: 9926056
I have 16 subnets/Vlans at my site; district wide there must be over a hundred. My site is 10.23.0.0 255.255.255.0. All switches in the IDFs are run with fiber to the core switch in the MDF. The District office is 10.1.0.0. 255.255.255.0, other schools follow the same 10.X.0.0 255.255.255.0. All of my servers, switches and router are on 10.23.1.X. My router has IP helper-address running to forward broadcasts to the DHCP server, and occasionally I have it forward PXE broadcasts to my Altiris server for initial deployment. I just don’t know why clients would cross the WAN to the District Office, and then cross another WAN to another school and use their DC.

0
 

Author Comment

by:masterface
ID: 9943523
I think this is happeing because our domain only has one site in AD sites and services. It is just the default-first-site-name.
0
Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

 
LVL 10

Accepted Solution

by:
BloodRed earned 500 total points
ID: 9944657
Yeah, that could do it.  With only the default site configured, clients will try to authenticate to the DC with the highest DNS SRV record priority, which is probably not the one closest to them.  Defining sites is a way to tell AD that two there is a slow link between one location and another, or that you simply want them to look to a certain DC/GC first, clients will try to authenticate to the DC in their site to avoid authenticating across a slower WAN link.  If the DC/GC in the site fails, clients will authenticate to either the hub site's DC or another pre-configured site's DC depending on your configuration.  This prevents a client in one remote site from trying to authenticate to a DC/GC in another remote site, since that wouldn't exactly be efficient.  Here's an MS KB article that describes how AD sites tie into authentication, and how to configure the authentication to suit your needs.

http://support.microsoft.com/?kbid=306602
0
 

Author Comment

by:masterface
ID: 9965839
Well, we setup AD sites and it worked. Folder redirection works every time now too.
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9966609
Glad to hear it's working for you!
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question