Control which DC authenticates a logon request

We have 12 offices connected via a frame relay WAN.  Each office has a local 2k3 DC.   When users log in, I notice that the logon server can be any of the DCs in the WAN.  How can I control which servers authenticate which offices?  Do I have to use sites to do this?  
marc_nivens Commented:
Sites are the only way to do this natively.  To make a server a GC, open AD Sites and Services, go under the site in question, and expand the server until you see NTDS Settings.  Right click on NTDS Settings and go to properties, check the Global Catalog box.
Using sites will accomplish this.  Make sure that at least one DC in each site is a GC as well.
shanna1017 (Author) Commented:
Thanks for the quick response marc.  So without using sites there's no way to do this?  

Also how do I make a server a global catalog server?
shanna1017 (Author) Commented:
I'll give that a try.  Thanks!
Also, you need to create site links.  My personal opinion is to create a site link that connects just two sites.  That way you can assign a cost to the link and control where users will log in to if their GC is down.

For example, let's say that I have several offices around the state, one in Portland, one in Salem, one in Eugene, and one in Bend.  The Salem site may have WAN lines connecting it to Bend and Portland, but the bandwidth is better to Portland.  I would create a site link that connects Salem to Portland and assign it a cost of 50 and create a site link that connects Salem and Bend and assign it a cost of 100.  That way your users would always go to Portland for authentication if the Salem GC was down (unless the Portland link was also down)

Also, don't make your infrastructure master the GC.  To view your infrastructure master, open AD Users and Computers and right click the domain container and select Operations Masters.  You will have replication issues if you make the infrastructure master a GC.

Depending on how large your sites are, you can also use the new Universal Group Caching feature.  If your sites are less than 75 users, write back and I'll tell you more about that.

Good luck.
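
An added example, not part of any post in this thread: a read-only PowerShell audit of the three points the answers raise (a GC in every site, whether the infrastructure master is a GC, and site link membership and cost). It assumes the ActiveDirectory module from RSAT and a DC running AD Web Services, which postdates the stock 2003 tools the thread uses.

```powershell
# Added example: read-only audit of the site layout discussed in this thread.
# Assumption: ActiveDirectory module (RSAT) and a reachable DC with AD Web Services.
Import-Module ActiveDirectory

$dcs   = @(Get-ADDomainController -Filter *)
$sites = @(Get-ADReplicationSite -Filter *)
$links = @(Get-ADReplicationSiteLink -Filter *)

# 1. Each site should hold at least one DC, and at least one of those should be a GC.
foreach ($site in $sites) {
    $siteDcs = @($dcs | Where-Object { $_.Site -eq $site.Name })
    $siteGcs = @($siteDcs | Where-Object { $_.IsGlobalCatalog })
    $status  = if ($siteDcs.Count -eq 0)     { 'NO DC IN SITE' }
               elseif ($siteGcs.Count -eq 0) { 'NO GC IN SITE' }
               else                          { 'OK' }
    [pscustomobject]@{
        Site   = $site.Name
        DCs    = ($siteDcs.Name -join ', ')
        GCs    = ($siteGcs.Name -join ', ')
        Status = $status
    }
}

# 2. Report whether the infrastructure master is also a global catalog.
$imHost = (Get-ADDomain).InfrastructureMaster
$imDc   = $dcs | Where-Object { $_.HostName -eq $imHost }
if ($imDc -and $imDc.IsGlobalCatalog) {
    Write-Warning "Infrastructure master $imHost is also a global catalog."
} else {
    Write-Output "Infrastructure master $imHost is not a global catalog."
}

# 3. List site links by cost and flag any that join more than two sites.
foreach ($link in ($links | Sort-Object Cost)) {
    # SitesIncluded holds distinguished names; keep only the site's CN.
    $members = @($link.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' })
    [pscustomobject]@{
        Link      = $link.Name
        Cost      = $link.Cost
        Sites     = ($members -join ' <-> ')
        TwoSites  = ($members.Count -eq 2)
    }
}
```

To confirm the result from a workstation, `nltest /dsgetsite` prints the site the client resolved to and `echo %LOGONSERVER%` prints the DC that handled the logon.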
