Solved

User logins not authenticating by all domain controllers

Posted on 2006-06-16
Last Modified: 2010-03-19
I have 2 Windows 2000 Server domain controllers at my company (TMIDC1 and TMIDC2). TMIDC2 is old and I replaced it a short time ago. We named the new server TMIDC3. It replicated with DC1 & 2 just fine, so we figured we could now turn off TMIDC2 and nobody would care; however, when we did that, certain users could not get logged in. Once we turned TMIDC2 back on they logged in just fine. My question is this... how can I tell (from a user's PC) what domain controller it's trying to log into? I'm thinking that if I find the PCs that are trying to log into TMIDC2 and change that to TMIDC1 then they will be able to log in once I turn off TMIDC2.

The other question I have is, even if TMIDC2 is off, I always assumed that the user should get authenticated by either TMIDC1 or TMIDC3, but that is not happening. There is nothing running on TMIDC2 that TMIDC1 doesn't have running as well. Any ideas?

Thanks in advance.
-Bob
Question by:bobrossi56
3 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 16920269
> how can I tell (from a user's PC) what domain controller it's trying to log into?

At the command prompt do:

echo %logonserver%

And it'll show you exactly which they're trying to use.

But... they should be able to log onto any DC. That they can't suggests maybe you possibly have a name resolution problem; how is DNS configured for those clients?

HTH

Chris
0
 
LVL 13

Expert Comment

by:marine7275
ID: 16920408
DNS, brother. You got to have those clients statically assigned to the #2 server.

Flush DNS
0
 
LVL 13

Accepted Solution

by:
prashsax earned 2000 total points
ID: 16920842
You cannot just turn off a DC and assume it is removed.

First you need to check if this DC is holding any FSMO roles.

If yes, then you need to transfer them to another DC.

Then run DCPROMO again on DC2.

This will remove all the entries of DC2 from AD, and gracefully remove it from the Active Directory.

The problem you are facing could be due to DC2 holding some FSMO roles. First transfer them to another DC.
0
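
The checks suggested across this thread (logon server, DNS, FSMO role holders), gathered into one batch file as an added example that was not posted by any participant. It assumes netdom.exe and nltest.exe from the Windows Support Tools are installed; the script name, its two arguments and the temp file name are placeholders chosen for the example.

```batch
@echo off
rem Added example: read-only checks to run before retiring a domain controller.
rem Usage: dc-precheck.cmd <DC-name> <DNS-domain>   (both values are supplied by you)
rem Assumes netdom.exe and nltest.exe (Windows Support Tools) are on the PATH.
setlocal
if "%~2"=="" (
    echo Usage: %~nx0 ^<DC-name^> ^<DNS-domain^>
    exit /b 2
)
set DC=%~1
set DOM=%~2

echo === DC that authenticated the current logon session ===
echo %LOGONSERVER%

echo === DC the locator returns for the domain right now ===
nltest /dsgetdc:%DOM%

echo === DCs registered for the domain ===
nltest /dclist:%DOM%

echo === SRV records that clients query to find a DC ===
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOM%

echo === FSMO role holders ===
netdom query fsmo > "%TEMP%\fsmo-check.txt"
type "%TEMP%\fsmo-check.txt"

rem findstr matches substrings, so pass the full host name if DC names overlap.
findstr /i /c:"%DC%" "%TEMP%\fsmo-check.txt" >nul
if errorlevel 1 (
    echo RESULT: %DC% is not listed as a FSMO role holder.
) else (
    echo RESULT: %DC% still holds the roles below. Transfer them before running DCPROMO.
    findstr /i /c:"%DC%" "%TEMP%\fsmo-check.txt"
)
del "%TEMP%\fsmo-check.txt"
endlocal
```

Run it on an affected client while all DCs are up: if the SRV lookup fails, or the client's DNS settings point only at the server being retired, that matches the name resolution problem raised in the first comment.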
