Solved

User logins not authenticating by all domain controllers

Posted on 2006-06-16
3
238 Views
Last Modified: 2010-03-19
I have 2 Windows 2000 Server domain controllers at my company (TMIDC1 and TMIDC2). TMIDC2 is old and I replaced it a short time ago. We named the new server TMIDC3. It replicated with DC1 & 2 just fine, so we figured we could now turn off TMIDC2 and nobody would care, however when we did that certain users could not get logged in. Once we turned TMIDC2 back on they logged in just fine. My question is this...how can I tell (from a users PC) what domain controller it's trying to log into? I'm thinking that if I find the PCs that are trying to log into TMIDC2 and change that to TMIDC1 then they will be able to log in once I turn off TMIDC2.

The other question I have is, even if TMIDC2 is off, I always assumed that the user should get authenticated by either TMIDC1 or TMIDC3, but that is not happening. There is nothing running on TMIDC2 that TMIDC1 doesn't have running as well. Any ideas?

thanks in advance.
-Bob
0
Comment
Question by:bobrossi56
3 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 16920269
> how can I tell (from a users PC) what domain controller it's trying to log into?

At the command prompt do:

echo %logonserver%

And it'll show you exactly which they're trying to use.

But... they should be able to log onto any DC. That they can't suggests maybe you possibly have a name resolution problem; how is DNS configured for those clients?

HTH

Chris
0
 
LVL 13

Expert Comment

by:marine7275
ID: 16920408
DNS brother. You got to have those client statically assigned to the #2 server.

FLush DNS
0
 
LVL 13

Accepted Solution

by:
prashsax earned 500 total points
ID: 16920842
You cannot just turnoff a DC and assume it is removed.

First you need to check, if this DC is holding any FSMO roles.

If yes, then you need to transfer them to another DC.

Then run DCPROMO again on DC2.

This will remove all the entries of DC2 from AD, and gracefully remove it from the Active Directory.

The problem you are facing could be due to DC2 is holding some FSMO roles. First transfer them to other DC.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now