Solved

Control which DC authenticates a logon request

Posted on 2004-10-21
353 Views
Last Modified: 2010-04-19
We have 12 offices connected via a frame relay WAN.  Each office has a local 2k3 DC.   When users log in, I notice that the logon server can be any of the DCs in the WAN.  How can I control which servers authenticate which offices?  Do I have to use sites to do this?  
0
Question by:shanna1017
    5 Comments
     
    LVL 21

    Expert Comment

    by:marc_nivens
    Using sites will accomplish this.  Make sure that at least one DC in each site is a GC as well.
    0
     

    Author Comment

    by:shanna1017
    Thanks for the quick response marc.  So without using sites there's no way to do this?  

    Also how do I make a server a global catalog server?
    0
     
    LVL 21

    Accepted Solution

    by:
    Sites are the only way to do this natively.  To make a server a GC, open AD Sites and Services, go under the site in question, and expand the server until you see NTDS Settings.  Right click on NTDS Settings and go to properties, check the Global Catalog box.
    0
     

    Author Comment

    by:shanna1017
    I'll give that a try.  Thanks!
    0
     

    Expert Comment

    by:jberg69
    Also, you need to create site links.  My personal opinion is to create a site link that connects just two sites.  That way you can assign a cost to the link and control where users will login to if their GC is down.

    For example, let's say that I have several offices around the state, one in Portland, one in Salem, one in Eugene, and one in Bend.  The Salem site may have WAN lines connecting it to Bend and Portland, but the bandwidth is better to Portland.  I would create a site link that connects Salem to Portland and assign it a cost of 50 and create a site link that connects Salem and Bend and assign it a cost of 100.  That way your users would always go to Portland for authentication if the Salem GC was down (unless the Portland link was also down).

    Also, don't make your infrastructure master the GC.  To view your infrastructure master, open AD Users and Computers and right click the domain container and select Operations Masters.  You will have replication issues if you make the infrastructure master a GC.

    Depending on how large your sites are, you can also use the new Universal Group Caching feature.  If your sites are less than 75 users, write back and I'll tell you more about that.

    Good luck.

    Jason
    0
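
An added example, not part of the original thread: a read-only PowerShell audit of the points raised above (which DC answered the logon, whether every site has a GC, whether the infrastructure master is also a GC, and what each site link costs). It assumes a domain-joined host with the RSAT ActiveDirectory module, which postdates this thread.

```powershell
# Added example; assumes the RSAT ActiveDirectory module and a domain-joined host.
Import-Module ActiveDirectory

# Which DC answered this logon, and which site this client resolved to.
"Logon server : $env:LOGONSERVER"
"Client site  : $(nltest /dsgetsite 2>$null | Select-Object -First 1)"

$dcs = Get-ADDomainController -Filter *

# 1. Each site should contain at least one global catalog.
$dcs | Group-Object Site | ForEach-Object {
    $gcs = @($_.Group | Where-Object IsGlobalCatalog)
    [pscustomobject]@{
        Site  = $_.Name
        DCs   = ($_.Group.Name -join ', ')
        GCs   = ($gcs.Name -join ', ')
        HasGC = $gcs.Count -gt 0
    }
} | Format-Table -AutoSize

# 2. Flag a DC that is both infrastructure master and GC (the case the thread warns about).
$dcs | Where-Object {
    $_.IsGlobalCatalog -and $_.OperationMasterRoles -contains 'InfrastructureMaster'
} | ForEach-Object {
    Write-Warning "$($_.Name) in site $($_.Site) is infrastructure master and GC"
}

# 3. Site links with their cost; links joining more than two sites are marked,
#    since one cost then applies to every pair of sites in the link.
Get-ADReplicationSiteLink -Filter * | Sort-Object Cost | ForEach-Object {
    $sites = $_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }
    [pscustomobject]@{
        Link        = $_.Name
        Cost        = $_.Cost
        Sites       = ($sites -join ' <-> ')
        TwoSiteOnly = @($sites).Count -eq 2
    }
} | Format-Table -AutoSize
```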
