?
Solved

Adding DC and forcing authentication

Posted on 2009-05-06
7
Medium Priority
?
356 Views
Last Modified: 2012-05-06
We want to add a DC and force a group of machines in a site to authenticate to this DC. We have all XP machines authenticating to 2003 server DC's. I know there is no way to do it 100% but can I build a site and add those machines(IP's) to that site. Then add the DC I just built to the "servers" section in Sites and Services? This will atleast force most of the authentication to this DC? We want to reduce the WAN traffic ,since we have a network that spans across our state.
0
Comment
Question by:Thomas N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24321349
Actually what you are thinking of doing is exactly how sites work in AD.
You associate the subnet of your remote site to the site and the machines in that site/subnet should authenticate to the DC in that site.
See my response about halfway down the thread below for more detailed steps
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24109142.html
Also make that DC a global catalog server.  If anyone gives you grief about that see the first bullet in this blog
http://adisfun.blogspot.com/2009/04/lessons-learned-from-eric-fleischman.html
How is your DNS setup right now?  Are you using Active Directory integrated DNS?
Thanks
Mike
0
 

Author Comment

by:Thomas N
ID: 24321432
Yes its Active Directory integrated DNS.
0
 

Author Comment

by:Thomas N
ID: 24321442
Also once this site is created its not guaranteed it will authenticate to this DC 100% correct? If there is say network latency or lag time then it will authenticate to my other DC's? No way around this?
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:Thomas N
ID: 24321462
One more question ,theres no way to keep the other sites from authenticating to this specific DC? The site I want to create has a group of machines that are in the same building as another site. They will authenticate to this DC also ...right? Since it is the closest on in proximity?  Thanks mkline71
0
 

Author Comment

by:Thomas N
ID: 24321469
Can I associate a DC to two sites or more? This way I can associate a DC to each site so that they dont authenticate to each others DC's? I hope that makes sense
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1500 total points
ID: 24321682
The reason i asked about DNS is because I'd also make the DC a DNS server.  SInce it is AD integrated all you need to do is install DNS on the new DC and DNS will replicate
If that DC in that site is available it should use that DC.
Detailed steps on how a DC is located can be found here
http://support.microsoft.com/kb/314861
Why would you have two sites for machines in the same building.  Make them all part of the same site.
DCs can only be associated with one site.
Thanks
Mike
0
 

Author Comment

by:Thomas N
ID: 24321962
We have over 10 sites and 3 DC's. On our sites and services we only have 3 of them assigned to DC's. The others I guess are authenticated to the closest proximity DC's? Can I assign which site authenticates to which DC by just adding the server to the site?

To answer the question about adding 2 DC's is  because our management wants to have a group of machines(that are actually owned by a different company) authenticate to there own DC. Eventhough they are in the same building.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question