Solved

Computers are using the wrong Domain Controllers.

Posted on 2003-12-11
6
794 Views
Last Modified: 2010-03-19
We have 20 campuses, and a district office. The Primary DC is at the district office, and each campus has its own backup DC, and at least 2 T1 lines running to the district office. We are running all XP pro clients and win 2003 servers in native mode. We have had problems with group policies being pushed down from the DCs. We think it is caused by latency in the wan links. When I run the “set” command and “gpresult” command I find that computers at my campus are using the DCs from other campuses. None of them are using the local DC or the primary DC at the district office. Is there a way to force the clients to use the local DC for logon and group policies?  Why wouldn't they use the local DC by default?
0
Comment
Question by:masterface
  • 3
  • 3
6 Comments
 
LVL 10

Expert Comment

by:BloodRed
ID: 9925120
I posted about it in your other thread, but how are your sites and site links configured?
0
 

Author Comment

by:masterface
ID: 9926056
I have 16 subnets/Vlans at my site; district wide there must be over a hundred. My site is 10.23.0.0 255.255.255.0. All switches in the IDFs are run with fiber to the core switch in the MDF. The District office is 10.1.0.0. 255.255.255.0, other schools follow the same 10.X.0.0 255.255.255.0. All of my servers, switches and router are on 10.23.1.X. My router has IP helper-address running to forward broadcasts to the DHCP server, and occasionally I have it forward PXE broadcasts to my Altiris server for initial deployment. I just don’t know why clients would cross the WAN to the District Office, and then cross another WAN to another school and use their DC.

0
 

Author Comment

by:masterface
ID: 9943523
I think this is happeing because our domain only has one site in AD sites and services. It is just the default-first-site-name.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 10

Accepted Solution

by:
BloodRed earned 500 total points
ID: 9944657
Yeah, that could do it.  With only the default site configured, clients will try to authenticate to the DC with the highest DNS SRV record priority, which is probably not the one closest to them.  Defining sites is a way to tell AD that two there is a slow link between one location and another, or that you simply want them to look to a certain DC/GC first, clients will try to authenticate to the DC in their site to avoid authenticating across a slower WAN link.  If the DC/GC in the site fails, clients will authenticate to either the hub site's DC or another pre-configured site's DC depending on your configuration.  This prevents a client in one remote site from trying to authenticate to a DC/GC in another remote site, since that wouldn't exactly be efficient.  Here's an MS KB article that describes how AD sites tie into authentication, and how to configure the authentication to suit your needs.

http://support.microsoft.com/?kbid=306602
0
 

Author Comment

by:masterface
ID: 9965839
Well, we setup AD sites and it worked. Folder redirection works every time now too.
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9966609
Glad to hear it's working for you!
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Join & Write a Comment

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now