Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Computers are using the wrong Domain Controllers.

Posted on 2003-12-11
6
Medium Priority
?
808 Views
Last Modified: 2010-03-19
We have 20 campuses, and a district office. The Primary DC is at the district office, and each campus has its own backup DC, and at least 2 T1 lines running to the district office. We are running all XP pro clients and win 2003 servers in native mode. We have had problems with group policies being pushed down from the DCs. We think it is caused by latency in the wan links. When I run the “set” command and “gpresult” command I find that computers at my campus are using the DCs from other campuses. None of them are using the local DC or the primary DC at the district office. Is there a way to force the clients to use the local DC for logon and group policies?  Why wouldn't they use the local DC by default?
0
Comment
Question by:masterface
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 10

Expert Comment

by:BloodRed
ID: 9925120
I posted about it in your other thread, but how are your sites and site links configured?
0
 

Author Comment

by:masterface
ID: 9926056
I have 16 subnets/Vlans at my site; district wide there must be over a hundred. My site is 10.23.0.0 255.255.255.0. All switches in the IDFs are run with fiber to the core switch in the MDF. The District office is 10.1.0.0. 255.255.255.0, other schools follow the same 10.X.0.0 255.255.255.0. All of my servers, switches and router are on 10.23.1.X. My router has IP helper-address running to forward broadcasts to the DHCP server, and occasionally I have it forward PXE broadcasts to my Altiris server for initial deployment. I just don’t know why clients would cross the WAN to the District Office, and then cross another WAN to another school and use their DC.

0
 

Author Comment

by:masterface
ID: 9943523
I think this is happeing because our domain only has one site in AD sites and services. It is just the default-first-site-name.
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 
LVL 10

Accepted Solution

by:
BloodRed earned 2000 total points
ID: 9944657
Yeah, that could do it.  With only the default site configured, clients will try to authenticate to the DC with the highest DNS SRV record priority, which is probably not the one closest to them.  Defining sites is a way to tell AD that two there is a slow link between one location and another, or that you simply want them to look to a certain DC/GC first, clients will try to authenticate to the DC in their site to avoid authenticating across a slower WAN link.  If the DC/GC in the site fails, clients will authenticate to either the hub site's DC or another pre-configured site's DC depending on your configuration.  This prevents a client in one remote site from trying to authenticate to a DC/GC in another remote site, since that wouldn't exactly be efficient.  Here's an MS KB article that describes how AD sites tie into authentication, and how to configure the authentication to suit your needs.

http://support.microsoft.com/?kbid=306602
0
 

Author Comment

by:masterface
ID: 9965839
Well, we setup AD sites and it worked. Folder redirection works every time now too.
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 9966609
Glad to hear it's working for you!
0

Featured Post

Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question