Multiple Domain Controllers

I have 9 Windows 2000 servers in a domain. 7 of the servers are on a WAN connection. We want
the 7 locations to be able to authenticate locally. Those servers are small with a limited connection.
We don't want the remote servers authenticating for anyone but users at their own location. Now
we may have users from one remote location authenticating to another remote location.
We don't mind the authenticating from the 2 servers in house, because we have multiple connections
and those servers can handle the traffic. Does that make sense?

Thanks in advance!


Larry

pathwayscsb Asked:
 
Jay_Jay70 Commented:
Ahh, in that case then I agree with carl.

Under Sites and Services you need to create a logical site for each physical site and assign the appropriate DC to it.

Also you can define subnets and assign them to a site, and that will effectively force users within a certain site to authenticate to the local DC.

Under the NTDS settings of each DC in Sites and Services you can select Properties and from there make them a global catalog.
 
juragan Commented:
I believe that if you have mapped all of your IP subnets into corresponding AD sites, then the clients will be authenticated by a DC in the same site. In Windows 2003, if a subnet is not mapped to a site then the client on that subnet may get authenticated by any DC in the domain (which could be far away); this is recorded in Event Viewer with ID 5807.

- J -
 
pathwayscsb (Author) Commented:
Well... I have the local PCs' DNS set to the local server first. Then I have the Main Server as its alternate.
I don't have any remote PCs set to the remote servers for DNS.

I am going to give you an example... maybe this will clear up some stuff.

Main Site

Main Server 10.1.1.20
Dns - 10.1.1.20
Secondary Main Server 10.1.1.69
Dns - 10.1.1.69

Pc's
Dns 1 - 10.1.1.20
Dns 2 - 10.1.1.69

Remote Site 1

Remote Server 1 - 10.1.8.1
Dns 1 - 10.1.1.20
Dns 2 - 10.1.8.1
Dns 3 - 10.1.9.1 (remote server 2)
Dns 4 - 10.1.10.1 (remote server 3)
Dns 5 - 10.1.11.1 (remote server 4)
all Ips of remote servers are in as DNS entries

Pc's are 10.1.8.*
Dns 1 - 10.1.8.1
Dns 2 - 10.1.1.20

Etc

That's the way each site is laid out.
Thanks!


 
carl_legere Commented:
You need to configure the Active Directory Sites and Services module to reflect the above subnet settings. That and making all WAN DCs GCs, then you are good to go.
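An added example, not part of the thread or any poster's own work: a small Python check of a subnet-to-site plan before it is entered in Sites and Services. It looks up each client's site by the most specific matching subnet, lists clients whose subnet is not mapped to any site (the case juragan describes), and flags DCs whose own IP maps to a different site. The /24 masks, the site names and the client IPs are assumptions; the server IPs are the ones posted above.

```python
import ipaddress

# Address plan from the thread. Assumed: /24 masks (the thread only shows
# "10.1.8.*") and the site names, which are hypothetical.
SITE_SUBNETS = {
    "10.1.1.0/24": "Main",
    "10.1.8.0/24": "Remote1",
    "10.1.9.0/24": "Remote2",
    "10.1.10.0/24": "Remote3",
    "10.1.11.0/24": "Remote4",
}
# Domain controllers per site, IPs as posted in the thread.
SITE_DCS = {
    "Main": ["10.1.1.20", "10.1.1.69"],
    "Remote1": ["10.1.8.1"],
    "Remote2": ["10.1.9.1"],
    "Remote3": ["10.1.10.1"],
    "Remote4": ["10.1.11.1"],
}
# Constructed sample clients; 10.1.12.14 stands for a location whose subnet
# has not been entered yet.
CLIENTS = ["10.1.1.105", "10.1.8.37", "10.1.12.14"]


def site_for(ip, subnets=SITE_SUBNETS):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(c), s) for c, s in subnets.items()
               if addr in ipaddress.ip_network(c)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def unmapped_clients(clients, subnets=SITE_SUBNETS):
    """Clients that fall in no subnet and so have no local site."""
    return sorted(ip for ip in clients if site_for(ip, subnets) is None)


def misplaced_dcs(dcs=SITE_DCS, subnets=SITE_SUBNETS):
    """DCs whose own IP maps to a different site than the one they serve."""
    return {ip: (site, site_for(ip, subnets))
            for site, ips in dcs.items() for ip in ips
            if site_for(ip, subnets) != site}


if __name__ == "__main__":
    for ip in CLIENTS:
        site = site_for(ip)
        print(ip, "->", site or "NO SITE", SITE_DCS.get(site, "no site-local DC"))
    print("unmapped:", unmapped_clients(CLIENTS))
    print("misplaced DCs:", misplaced_dcs())
```

Adding a catch-all entry such as `10.1.0.0/16` to the map changes only the clients that match no narrower subnet, because the most specific match wins.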
 
Jay_Jay70 Commented:
Hi pathwayscsb,

Just clarify for me, how many of your servers are Domain Controllers? Do you have at least one per site?

Cheers!
 
pathwayscsb (Author) Commented:
Carl,
What does GC mean? Do you mean the active directory sites and services on each DC?

Jay,
There are 9 domain controllers. 2 in our main office... and then 1 in each remote site.

Thanks everyone!

 
pathwayscsb (Author) Commented:
Do I need to create the logical site on each server? Or do I create all logical sites on the main server and it replicates out?

Thanks again!


 
Jay_Jay70 Commented:
once created at the root it will replicate
 
pathwayscsb (Author) Commented:
Ok guys... I got that done!
Thanks!!
Do I need to do anything with Site Linking?

 
Jay_Jay70 Commented:
I usually use the site links as default unless you specifically want something else... KCC will automatically establish the best links for you.
Question has a verified solution.