jefmik
asked on
Specify login server for Win2000pro clients in 2000 Native domain
Is there a way to use Group Policy to specify that PC's (and associated user logging in) login to a specific domain controller? I want to apply it to the PC's in Active directory, so I planned on using the Computer Configuration area in GP. I just haven't been able to find a way to specify it. I am trying to balance the logon load among DC's in a single domain AD environment with one site and 3 DC's.
Normally, you should not need to worry about this. The load on your DCs should be fairly even. However, if you find that one DC is heavily loaded (this is often called "piling on") have a look to see of one of the following scenarios applies to you: http://support.microsoft.com/default.aspx?scid=kb;en-us;305027
ASKER
None of those scenarios apply to my situation. I reviewed that and my logs, etc. prior to submitting my question.
I have a Domain controller policy in force to set the log size and what info is captured. Besides physically watching PC's connect to one more frequently, the Security log files are growing in a disproprtionate fashion. The DC in question is not a FSMO role holder or a GCS either.
I have a Domain controller policy in force to set the log size and what info is captured. Besides physically watching PC's connect to one more frequently, the Security log files are growing in a disproprtionate fashion. The DC in question is not a FSMO role holder or a GCS either.
Do you know if your DNS is using round-robin? Have a look at
http://www.windowsitpro.com/Article/ArticleID/13509/13509.html
and
http://support.microsoft.com/kb/177883/EN-US/
http://www.windowsitpro.com/Article/ArticleID/13509/13509.html
and
http://support.microsoft.com/kb/177883/EN-US/
ASKER
Yes, it is using round robin and netmask ordering, which is enabled by default on the 2000 DNS servers. However, I don't have any multi-homed Servers or clients which it seems this is intended to address. I would disable these but I don't see how that would impact this scenario. Is it accurate to say I cannot force clients to a specific logon server using AD & GP?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Only one GC and that isn't it. I see what you mean about the sites. Too messy, think I'll just monitor it closely and wait until I our next DC promotion/demotion to address. Thanks.
But you have netmask enabled? Have you tried disabling netmask to see if the round-robin goes into effect?
To verify if round-robin is working:
- IPCONFIG /FLUSHDNS (to flush local client cache)
- NSLOOKUP YOUR.DOMAIN.NAME (you should get the IP addresses of your 3 DCs)
Repeat this several times....you should get the 3 addresses in different orders.
To verify if round-robin is working:
- IPCONFIG /FLUSHDNS (to flush local client cache)
- NSLOOKUP YOUR.DOMAIN.NAME (you should get the IP addresses of your 3 DCs)
Repeat this several times....you should get the 3 addresses in different orders.
ASKER
OK, I see it is yet another gliche in MS default setup. I unchecked netmask and it reacts as you indicated is should.
Thanks!
Thanks!