[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 246
  • Last Modified:

User logins not authenticating by all domain controllers

I have 2 Windows 2000 Server domain controllers at my company (TMIDC1 and TMIDC2). TMIDC2 is old and I replaced it a short time ago. We named the new server TMIDC3. It replicated with DC1 & 2 just fine, so we figured we could now turn off TMIDC2 and nobody would care, however when we did that certain users could not get logged in. Once we turned TMIDC2 back on they logged in just fine. My question is this...how can I tell (from a users PC) what domain controller it's trying to log into? I'm thinking that if I find the PCs that are trying to log into TMIDC2 and change that to TMIDC1 then they will be able to log in once I turn off TMIDC2.

The other question I have is, even if TMIDC2 is off, I always assumed that the user should get authenticated by either TMIDC1 or TMIDC3, but that is not happening. There is nothing running on TMIDC2 that TMIDC1 doesn't have running as well. Any ideas?

thanks in advance.
-Bob
0
bobrossi56
Asked:
bobrossi56
1 Solution
 
Chris DentPowerShell DeveloperCommented:
> how can I tell (from a users PC) what domain controller it's trying to log into?

At the command prompt do:

echo %logonserver%

And it'll show you exactly which they're trying to use.

But... they should be able to log onto any DC. That they can't suggests maybe you possibly have a name resolution problem; how is DNS configured for those clients?

HTH

Chris
0
 
marine7275Commented:
DNS brother. You got to have those client statically assigned to the #2 server.

FLush DNS
0
 
prashsaxCommented:
You cannot just turnoff a DC and assume it is removed.

First you need to check, if this DC is holding any FSMO roles.

If yes, then you need to transfer them to another DC.

Then run DCPROMO again on DC2.

This will remove all the entries of DC2 from AD, and gracefully remove it from the Active Directory.

The problem you are facing could be due to DC2 is holding some FSMO roles. First transfer them to other DC.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now