[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

DC Locator Setting in GP / Local Authentication

Posted on 2007-12-01
2
Medium Priority
?
576 Views
Last Modified: 2008-05-30
I have noticed that my clients are authenticating against domain controllers that are not local to them.  I have checked the site and services, the settings are correct.  I have been doing some research and located the option to setup the DC Locator Server http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1283750,00.html ) .  If this option is configured, will it force the computers to authenticate to the subnets that are on that network vs. ones that are not?  Also, if forced, if those controllers are down will it authenticate to the local computer or search for remotes listed in DNS?
0
Comment
Question by:securitythreat
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 2000 total points
ID: 20390076
If you want clients to authenticate with particular domain controllers in preference to others then you need to configure Active Directory Sites properly.

You should start by defining your subnets in Active Directory Sites and services, then you need to create sites and associate one or more subnets with each site. Once that is done then clients will attempt to use a DC on their own site for authentication.

Of course is you want to minimise traffic across the subnets you should also place a DNS server in each site (easy to do if you use AD integrated DNS), and point clients to that DNS server as their preferred DNS server. Also the DC/DNS server should be made a global catalg server as well to provide GC lookups locally as well. If you are uding DHCP you could also look at localising that as well.

0
 
LVL 1

Author Comment

by:securitythreat
ID: 20390104
I have all this in place.  However, this is still an issue.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question