[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Help with Windows 2003 DCs

Posted on 2009-05-02
4
Medium Priority
?
229 Views
Last Modified: 2012-05-06
I have two DCs located at the same site with 250 users. I have noticed that some users are authenticated by DC1 while others by DC2.
1- Can anyone explain what is the criteria of a Windows 2003 to decide which user will be authenticated by which DC? 2- If a user is authenticated by DC1 and this DC has a sudden hardware failure will this user be affected? Will DC2 take over this user without having the user to log off / on?  
0
Comment
Question by:kt2003
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
valicon earned 500 total points
ID: 24286189
Clients will authenticate to the nearest DC, which usually is in the same site. If there is no DC in their site they will look for other DC's to authenticate. This process is automatic. If a DC should fail due to whatever reason and not be available to authenticate users, other DC's either in the same site or other sites will be able to authenticate the users. This is assuming of course that there are other DC's available.
0
 

Author Comment

by:kt2003
ID: 24286222
Thank you.
You didn't answer my question.
I have two DCs located 'at the same site' with 250 users. I have noticed that some users are authenticated by DC1 while others by DC2.
Can anyone explain what is the criteria of a Windows 2003 to decide which user will be authenticated by which DC?    
0
 
LVL 12

Expert Comment

by:valicon
ID: 24286330
Let me break it down a little bit better for you.  A client machine be it a workstation or another server will seek the closest DC based upon the subnet that the client machine is in, then the subnet that the DC is in to determine the closest DC. The domain controllers will authenticate the clients as needed, there is no preferred DC that will handle logins. This can be configured by altering the SRV records in DNS but it is not recommended.

Each DC is a peer and if the DC's are in the same domain and same site then there is no specific criteria as to which DC will authenticate which user, other than what I stated above.
0
 

Assisted Solution

by:zaedi_ahmed
zaedi_ahmed earned 500 total points
ID: 24286837
Your points:

01. You have got two DC's namely DC1 and DC2

02. With 250 clients.

03. You have said that some users are authenticated by DC1 and  some are by DC2

You asked:

01. Criteria of a Windows 2003 to decide which user will be authenticated by which DC?

02. A sudden hardware failure will this user be affected? Will  DC2 take over this user without having the user to log off / on?

SOLUTION:

Well in your question you haven't given any information whether these two  DC's are parent-child or additional domain controllers.

IF parent child domain:
Then user's of the parent domain (assuming DC1) will  authenticate it's own user out of 250 and child domain (assuming DC2) will authenticate its own user's out of 250 (whatever user's  are created under child domain controller).

In this case a sudden hardware failure will have a drastic affect cause the sub or child domain will not going to take over automatically.

IF Additional Domain controller

Then users will give priority to the DC1 as their main domain controller and if DC1 is busy then user authentication could be performed by DC2 as it has got the same active directory users.

In this case a sudden hardware failure will have a drastic affect cause the additional domain controller has got the active directory to give backup for authentication but lacks the DNS as it will be a secondary DNS and administrator must upgrade the secondary DNS to Active Directory integrated Primary DNS and point itself as it's primary DNS then it could authenticate the user's properly.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question