We help IT Professionals succeed at work.

Adding DC and forcing authentication

370 Views
Last Modified: 2012-05-06
We want to add a DC and force a group of machines in a site to authenticate to this DC. We have all XP machines authenticating to 2003 server DC's. I know there is no way to do it 100% but can I build a site and add those machines(IP's) to that site. Then add the DC I just built to the "servers" section in Sites and Services? This will atleast force most of the authentication to this DC? We want to reduce the WAN traffic ,since we have a network that spans across our state.
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2013

Commented:
Actually what you are thinking of doing is exactly how sites work in AD.
You associate the subnet of your remote site to the site and the machines in that site/subnet should authenticate to the DC in that site.
See my response about halfway down the thread below for more detailed steps
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24109142.html
Also make that DC a global catalog server.  If anyone gives you grief about that see the first bullet in this blog
http://adisfun.blogspot.com/2009/04/lessons-learned-from-eric-fleischman.html
How is your DNS setup right now?  Are you using Active Directory integrated DNS?
Thanks
Mike
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
Yes its Active Directory integrated DNS.
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
Also once this site is created its not guaranteed it will authenticate to this DC 100% correct? If there is say network latency or lag time then it will authenticate to my other DC's? No way around this?
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
One more question ,theres no way to keep the other sites from authenticating to this specific DC? The site I want to create has a group of machines that are in the same building as another site. They will authenticate to this DC also ...right? Since it is the closest on in proximity?  Thanks mkline71
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
Can I associate a DC to two sites or more? This way I can associate a DC to each site so that they dont authenticate to each others DC's? I hope that makes sense
CERTIFIED EXPERT
Top Expert 2013
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Thomas NSystems Analyst - Windows System Administrator

Author

Commented:
We have over 10 sites and 3 DC's. On our sites and services we only have 3 of them assigned to DC's. The others I guess are authenticated to the closest proximity DC's? Can I assign which site authenticates to which DC by just adding the server to the site?

To answer the question about adding 2 DC's is  because our management wants to have a group of machines(that are actually owned by a different company) authenticate to there own DC. Eventhough they are in the same building.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.