Solved

User logins not authenticating by all domain controllers

Posted on 2006-06-16
3
240 Views
Last Modified: 2010-03-19
I have 2 Windows 2000 Server domain controllers at my company (TMIDC1 and TMIDC2). TMIDC2 is old and I replaced it a short time ago. We named the new server TMIDC3. It replicated with DC1 & 2 just fine, so we figured we could now turn off TMIDC2 and nobody would care, however when we did that certain users could not get logged in. Once we turned TMIDC2 back on they logged in just fine. My question is this...how can I tell (from a users PC) what domain controller it's trying to log into? I'm thinking that if I find the PCs that are trying to log into TMIDC2 and change that to TMIDC1 then they will be able to log in once I turn off TMIDC2.

The other question I have is, even if TMIDC2 is off, I always assumed that the user should get authenticated by either TMIDC1 or TMIDC3, but that is not happening. There is nothing running on TMIDC2 that TMIDC1 doesn't have running as well. Any ideas?

thanks in advance.
-Bob
0
Comment
Question by:bobrossi56
3 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 16920269
> how can I tell (from a users PC) what domain controller it's trying to log into?

At the command prompt do:

echo %logonserver%

And it'll show you exactly which they're trying to use.

But... they should be able to log onto any DC. That they can't suggests maybe you possibly have a name resolution problem; how is DNS configured for those clients?

HTH

Chris
0
 
LVL 13

Expert Comment

by:marine7275
ID: 16920408
DNS brother. You got to have those client statically assigned to the #2 server.

FLush DNS
0
 
LVL 13

Accepted Solution

by:
prashsax earned 500 total points
ID: 16920842
You cannot just turnoff a DC and assume it is removed.

First you need to check, if this DC is holding any FSMO roles.

If yes, then you need to transfer them to another DC.

Then run DCPROMO again on DC2.

This will remove all the entries of DC2 from AD, and gracefully remove it from the Active Directory.

The problem you are facing could be due to DC2 is holding some FSMO roles. First transfer them to other DC.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco 3650 switch 7 45
Home lab datacenter 9 105
BIND9 - DNS redirect? 4 23
cannot view videos at msnbc 12 40
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question