Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How to prevent DC at remote site from being used in rotation company wide.

Posted on 2008-10-03
2
Medium Priority
?
282 Views
Last Modified: 2012-06-27
We have two 2008 domain controllers at our main data center. We have a 2003 domain controller at one of our branch locations. The DHCP server at the branch location is set up to assign their local DC as the primary domain controller. However, we are noticing that this domain controller is being referenced by Outlook throughout the company. When users open Outlook they are forced to wait as the branch office DC is contacted.

I believe this may be due to the controller being in rotation for AD lookups. However, we can not have this take place as it is very inefficient to do AD lookups to remote locations. So my questions is, how do I set the DC's so that they are only utilized at their proper locations. i.e. the branch DC is only used at the branch location.
0
Comment
Question by:EuclidInsurance
2 Comments
 
LVL 16

Assisted Solution

by:robrandon
robrandon earned 800 total points
ID: 22634310
You should create a new Site and Subnet in the Sites and Services snap-in.  Make sure your remote DC is in the remote site and subnet.

0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 1200 total points
ID: 22634321

Hey,

That's exactly what AD Sites and Services is there for.

In order, you would:

1. Configure Site Names for each of your sites
2. Configure Subnets for each of your sites (it's a folder in AD Sites and Services) and bind those to sites
3. Move Domain Controllers into the sites as applicable

Clients will preferentially log onto a DC within their site.

You should also ensure that each site has a Global Catalog (I recommend making all DCs into Global Catalogs) or you will find logons still end up on remote domain controllers.

HTH

Chris
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question