Solved

Need Script to set LOGONSERVER in Windows

Posted on 2009-07-16
Last Modified: 2012-06-21
I have an issue where some of my remote sites will not connect to the proper DC. This of course brings the login to a crawl. I would like a script to set the %LOGONSERVER% to my server, INPADHQDC1. So far I am having some problems finding out about the %LOGONSERVER% variable. All my users log in to our DC but some of the other sites will try to connect to the wrong DC. We have multiple DCs and no roamers. I can't use the NET commands. TIA
SET \\INPADHQDC1 %LOGONSERVER%

Question by:MarkIsrael
9 Comments
 
LVL 10

Expert Comment

by:remmett70
Do you have sites set up in AD Sites and Services?
0
 
LVL 1

Assisted Solution

by:sporgg
sporgg earned 100 total points
Hi there

Having a script that sets the %LOGONSERVER% variable will not solve your problem.

Have a look at this article explaining the logon process, I hope this will point you in the right direction. If not let me know.

http://www.tekrevolution.com/open/2009/06/12/active-directory-and-the-logon-process/

Regards

Sporgg
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 200 total points
Clients will automatically try to authenticate to the closest DC. If they can't find a DC in the local site, they will search for a DC at the next closest site link for redundancy when the normal DC is unavailable.
If you want a preferred DC for the local/remote locations, create different sites by using AD Sites and Services and assign the different subnets to the site they belong to, with the preferred DC they should authenticate to.
If you want to avoid WAN links for authentication, make sure you have at least two DC/GCs in each site.
0
 

Author Comment

by:MarkIsrael
You all have hit the nail on the head. Which in my case means there isn't a solution I can do from where I sit. We have a small group of contractors that control all the AD forests in our company. I have a DC at my site but I can't log on, or do a damn thing with it. Also, the same group has the DNS server. From what I have seen they are clueless about the workings of what DNS servers do. It appears I'll have to see if they do anything about the local site.
Unless there is something I can do with DHCP or something of another fashion. I'll wait to see if anything else comes down and award points next week.
0

 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 200 total points
Sites/subnets need, as said, to be correctly configured in ADSS to get the clients to authenticate with the local preferred site and avoid WAN communication.

Is there a firewall between the sites preventing communication between clients and DCs and causing authentication problems, or is it just that they don't use the closest DC/GC and use the WAN link when not needed?

Some technet articles about site/subnet management:
http://technet.microsoft.com/en-us/library/cc782048.aspx
http://technet.microsoft.com/en-us/library/cc731907.aspx
http://technet.microsoft.com/en-us/library/cc740187.aspx
http://technet.microsoft.com/en-us/library/cc780426.aspx
0
 

Author Comment

by:MarkIsrael
We are talking about a WAN site. It is supposed to use our DC but it tends to use the Denver DC, even after it was set up on a different TCP/IP address. At HQ we have a regular IP address, one that is registered with ICANN, but the remote sites are on a private addressing scheme. We use the IP Helper command on our Cisco routers to tell the computer where to find the DHCP server, which I have control over.
Also, I am wondering if the DC could be added to the HOSTS or LMHOSTS file to help the workstation look at our DC. I am not sure how many DCs we have but the top of the tree is Denver and Washington. When it hits the Denver DC all traffic runs at a snail's pace.
0
 
LVL 4

Accepted Solution

by:JimInLakeland
JimInLakeland earned 200 total points
The solution is in Active Directory Sites and Services.

In Sites and Services, find the site that has your domain controller. That DC should also be configured as a Global Catalog server. If it is not, set it. Let's call that site "Orlando".

If you want computers using a 10.10.10.0/24 subnet to use the DC in the Orlando site, you assign the 10.10.10.0/24 subnet to Orlando site.

If you do not have subnets assigned specifically, the client machines will organically find the DC they feel like using (and it is always the one you don't want them to use).


Sites and Services is your solution. If you don't manage that correctly, no amount of DHCP work will help.
0
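
The subnet-to-site assignment described in the accepted answer, modelled as an added example that is not part of the original thread and is not Active Directory's own code: it assumes the most specific matching subnet decides the site, and the function names and every table row except 10.10.10.0/24 -> Orlando are made up for illustration.

```powershell
# Constructed subnet-to-site table standing in for the subnet objects in
# AD Sites and Services. Only 10.10.10.0/24 -> Orlando comes from the answer;
# the Denver row is made up for illustration.
$SubnetMap = @(
    [pscustomobject]@{ Subnet = '10.10.10.0/24'; Site = 'Orlando' }
    [pscustomobject]@{ Subnet = '10.10.0.0/16';  Site = 'Denver'  }
)

# Turn a dotted IPv4 address into a number so subnets can be compared.
function ConvertTo-AddressNumber ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                 # network order -> little endian
    [BitConverter]::ToUInt32($bytes, 0)
}

# Return the site of the most specific subnet containing $Address,
# or $null when no subnet object covers it.
function Get-SiteForAddress ([string]$Address, [object[]]$Map) {
    $ip   = ConvertTo-AddressNumber $Address
    $best = $null
    foreach ($row in $Map) {
        $net, $len = $row.Subnet -split '/'
        $block  = [math]::Pow(2, 32 - [int]$len)    # addresses in this subnet
        $netNo  = ConvertTo-AddressNumber $net
        $inside = [math]::Floor($ip / $block) -eq [math]::Floor($netNo / $block)
        if ($inside -and ((-not $best) -or ([int]$len -gt $best.Length))) {
            $best = [pscustomobject]@{ Site = $row.Site; Length = [int]$len }
        }
    }
    if ($best) { $best.Site } else { $null }
}

# Constructed client addresses: one in the /24, one only in the /16,
# and one that no subnet object covers.
foreach ($client in '10.10.10.57', '10.10.200.9', '192.168.5.20') {
    $site = Get-SiteForAddress -Address $client -Map $SubnetMap
    $msg  = if ($site) { "site $site" } else { 'no matching subnet object' }
    '{0,-13} -> {1}' -f $client, $msg
}
```

On a domain-joined client, `nltest /dsgetsite` reports the site the machine was actually placed in and `$env:LOGONSERVER` shows the DC that handled the logon, so the real result can be compared with the table.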
 
LVL 31

Expert Comment

by:Henrik Johansson
As you can't do it by yourself, ask the networking guys to use AD Sites and Services for configuring the network to have separate sites for Denver and Washington and assign the different subnets to the correct site.
0
 
LVL 1

Expert Comment

by:sporgg
Hi there,

If you have a firewall installed on the computers you could set the firewall to deny access to the AD ports on the outside server. This should force the computers to use your local AD server. The ports you would need to restrict are Kerberos: 750 & LDAP: 389. Would recommend testing this out before trying it on a live system.

Regards

Sporgg
0
