Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

how to stop clients crossing across a site to find a logon D.C

Posted on 2007-12-05
4
Medium Priority
?
284 Views
Last Modified: 2010-04-02
hello expert,

How to stop a client from going across a WAN to find a active Domain controller.

I have a windows 2003 active directory domain with 11 sites. (different subnets).

On several occasion clients attempted to crossing subnets to find a nearby D.C when the D.C

within their respective site was up and running.

How can i restrict client(s) to local subnet and not to allow them allowing crossing sites,

I prefer if the a client cannot authenticate in their respective subnet just deny connection

instead of crossing subnets.

Regards
Jomo
0
Comment
Question by:jomfra
  • 2
4 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 20410707
Yo need to go into Active Directory Sites and Services
First Define your subnets
Then set-up your sites in AD sites and service and associate each site with one or more subnets
Job Done

Clients will then use a DC in their own site in preference to another DC.
0
 

Author Comment

by:jomfra
ID: 20411078
hello KCTS,

>>Then set-up your sites in AD sites and service and associate each site with one or more subnets
Job Done

Clients will then use a DC in their own site in preference to another DC.

I have all the above in place--- but the some clients when their respective

D.C is down temporary will attempt to cross sites to finds a functioning d.c

in a neighboring site.

I would like to prevent this from happen the bandwidth between sites is

only 64kbps.

What i would like is if the d.c within the client's site is not available just

do not allow clients to log in i do not want log on traffic across the WAN.

thanks
0
 
LVL 1

Accepted Solution

by:
tonux earned 750 total points
ID: 20414521
alternatively, you could set up an access list on the WAN router to avoid all AD traffic.
see here for detailed port to restrict : http://technet.microsoft.com/en-us/library/bb727063.aspx
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 750 total points
ID: 20414575
That is the default - if the DC on their own site is not available then the clients will attempt to locate another DC. You can block the traffic as tonux suggests but then users at the remote site will not be able to log on - though cached credentials would work.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
If you try to migrate from Elastix to Issabel, you will face a lot of issues. These problems are inevitable but fortunately, you can fix them. In the guide below, I will explain how I performed the migration while keeping all data and successfully t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question