  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 216
  • Last Modified:

Multiple Domain Controllers

I have 9 Windows 2000 servers in a domain. 7 of the servers are on a WAN connection. We want
the 7 locations to be able to authenticate locally. Those servers are small with a limited connection.
We don't want the remote servers authenticating for anyone but users at its location. Now
we may have users from one remote location authenticating to another remote location.
We don't mind the authenticating from the 2 servers in house, because we have multiple connections
and those servers can handle the traffic. Does that make sense?

Thanks in advance!


Larry

0
Asked by: pathwayscsb
5 Solutions
 
juragan Commented:
I believe that if you have mapped all of your IP subnets into corresponding AD sites, then the clients will be authenticated by a DC in the same site. In Windows 2003, if a subnet is not mapped to a site then the client on that subnet may get authenticated by any DC in the domain (which could be far away); this is recorded in Event Viewer with ID 5807.

- J -
0
 
pathwayscsb (Author) Commented:
Well... I have the local PCs' DNS set to the local server first. Then I have the Main Server as its alternate.
I don't have any remote PCs set to the remote servers for DNS.

I am going to give you an example... maybe this will clear up some stuff.

Main Site

Main Server 10.1.1.20
Dns - 10.1.1.20
Secondary Main Server 10.1.1.69
Dns - 10.1.1.69

PCs
Dns 1 - 10.1.1.20
Dns 2 - 10.1.1.69

Remote Site 1

Remote Server 1 - 10.1.8.1
Dns 1 - 10.1.1.20
Dns 2 - 10.1.8.1
Dns 3 - 10.1.9.1 (remote server 2)
Dns 4 - 10.1.10.1 (remote server 3)
Dns 5 - 10.1.11.1 (remote server 4)
All IPs of remote servers are in as DNS entries

PCs are 10.1.8.*
Dns 1 - 10.1.8.1
Dns 2 - 10.1.1.20

Etc

That's the way each site is laid out.
Thanks!


0
 
carl_legere Commented:
You need to configure the Active Directory Sites and Services module to reflect the above subnet settings. That and making all WAN DCs GCs, then you are good to go.
0

 
Jay_Jay70 Commented:
Hi pathwayscsb,

Just clarify for me, how many of your servers are Domain Controllers? Do you have at least one per site?

Cheers!
0
 
pathwayscsb (Author) Commented:
Carl,
What does GC mean? Do you mean the active directory sites and services on each DC?

Jay,
There are 9 domain controllers. 2 in our main office... and then 1 in each remote site.

Thanks everyone!

0
 
Jay_Jay70 Commented:
Ahh, in that case then I agree with Carl.

Under Sites and Services you need to create a logical site for each physical site and assign the appropriate DC to it.

Also you can define subnets and assign them to a site, and that will effectively force users within a certain site to authenticate to the local DC.

Under the NTDS Settings of each DC in Sites and Services you can select Properties and from there make them a global catalog.
0
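Added example (not part of the thread): a small Python check of a subnet-to-site plan like the one discussed above, showing which site each client address falls into and which clients sit on a subnet with no site mapping, the case juragan describes. The /24 masks, the site names and the sample tables are assumptions constructed from the addresses in the question; Remote3's subnet is left out on purpose to show the gap.

```python
import ipaddress

# Constructed subnet-to-site table modelled on the addressing in the thread.
# The /24 masks and the site names are assumptions; the thread gives only host addresses.
SUBNET_TO_SITE = {
    "10.1.1.0/24": "Main",
    "10.1.8.0/24": "Remote1",
    "10.1.9.0/24": "Remote2",
}

# Constructed DC inventory: DC address -> site its server object is placed in.
DC_SITE = {
    "10.1.1.20": "Main",
    "10.1.1.69": "Main",
    "10.1.8.1": "Remote1",
    "10.1.9.1": "Remote2",
    "10.1.10.1": "Remote3",
}

def site_for(ip, table=SUBNET_TO_SITE):
    """Return the site whose subnet contains ip (most specific subnet wins), or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def audit(clients, table=SUBNET_TO_SITE, dcs=DC_SITE):
    """Classify each client: local DCs listed, no DC in its site, or subnet unmapped."""
    report = {}
    for ip in clients:
        site = site_for(ip, table)
        if site is None:
            report[ip] = "UNMAPPED: may be authenticated by any DC in the domain"
        else:
            local = sorted(d for d, s in dcs.items() if s == site)
            report[ip] = f"{site}: {', '.join(local)}" if local else f"{site}: no DC in site"
    return report

if __name__ == "__main__":
    # Constructed client addresses, one per case.
    for ip, result in audit(["10.1.1.50", "10.1.8.23", "10.1.10.7"]).items():
        print(ip, "->", result)
```

Any address reported as UNMAPPED needs a subnet object assigned to its site before clients there can be expected to stay on the local DC.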
 
pathwayscsb (Author) Commented:
Do I need to create the logical site on each server? Or do I create all logical sites on the main server and it replicates out?

Thanks again!


0
 
Jay_Jay70 Commented:
Once created at the root it will replicate.
0
 
pathwayscsb (Author) Commented:
Ok guys... I got that done!
Thanks!!
Do I need to do anything with Site Linking?

0
 
Jay_Jay70 Commented:
I usually use the site links as default unless you specifically want something else... KCC will automatically establish the best links for you.
0
