Solved

Need Script to set LOGONSERVER in Windows

Posted on 2009-07-16
Last Modified: 2012-06-21
I have an issue where some of my remote sites will not connect to the proper DC. This of course brings the login to a crawl. I would like a script to set the %LOGONSERVER% to my server, INPADHQDC1. So far I am having some problems finding out about the %LOGONSERVER% variable. All my users log in to our DC but some of the other sites will try and connect to the wrong DC. We have multiple DCs and no roamers. I can't use the NET commands. TIA
SET LOGONSERVER=\\INPADHQDC1

Question by:MarkIsrael
9 Comments
 
LVL 10

Expert Comment

by:remmett70
ID: 24873739
Do you have sites setup in AD Sites and Services?
0
 
LVL 1

Assisted Solution

by:sporgg
sporgg earned 100 total points
ID: 24873770
Hi there

Having a script that sets the %LOGONSERVER% variable will not solve your problem.

Have a look at this article explaining the logon process, I hope this will point you in the right direction. If not let me know.

http://www.tekrevolution.com/open/2009/06/12/active-directory-and-the-logon-process/

Regards

Sporgg
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 200 total points
ID: 24873771
Clients will automatically try to authenticate to the closest DC. If they can't find a DC in the local site, they will search for a DC at the next closest site link for redundancy when the normal DC is unavailable.
If you want a preferred DC for the local/remote locations, create different sites by using AD Sites and Services and assign the different subnets to the site they belong to, with the preferred DC they should authenticate to.
If you want to avoid WAN links for authentication, make sure you have at least two DC/GCs in each site.
0
 

Author Comment

by:MarkIsrael
ID: 24878347
You all have hit the nail on the head. Which in my case there isn't a solution I can do from where I sit. We have a small group of contractors that control all the AD Forests in our company. I have a DC at my site but I can't log on, or do a damn thing with it. Also, the same group has the DNS server. From what I have seen they are clueless about the workings of what DNS Servers do. It appears I'll have to see if they do anything about the local site.
Unless there is something I can do with DHCP or something of another fashion. I'll wait to see if anything else comes down and award points next week.
0
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 200 total points
ID: 24879057
Sites/subnets need, as said, to be correctly configured in ADSS to get the clients to authenticate with the local preferred site and avoid WAN communication.

Is there a firewall between the sites preventing communication between clients and DCs, causing authentication problems, or is it just that they don't use the closest DC/GC and use the WAN link when not needed?

Some technet articles about site/subnet management:
http://technet.microsoft.com/en-us/library/cc782048.aspx
http://technet.microsoft.com/en-us/library/cc731907.aspx
http://technet.microsoft.com/en-us/library/cc740187.aspx
http://technet.microsoft.com/en-us/library/cc780426.aspx
0
 

Author Comment

by:MarkIsrael
ID: 24880286
We are talking about a WAN site. It is supposed to use our DC but it tends to use the Denver DC. Even after it was set up on a different TCP/IP address. At HQ we have a regular IP address. One that is registered with ICANN but the remote sites are on a private addressing scheme. We use the IP Helper command on our Cisco Routers to tell the computer where to find the DHCP Server which I have control over.
Also, I am wondering if the DC could be added to the HOSTS or LMHOSTS file to help the workstation look at our DC. I am not sure how many DCs we have but the top of tree is Denver and Washington. When it hits the Denver DC all traffic runs at a snail's pace.
0
 
LVL 4

Accepted Solution

by:JimInLakeland
JimInLakeland earned 200 total points
ID: 24884261
The solution is in Active Directory Sites and Services.

In Sites and Services, find the site that has your domain controller. That DC should also be configured as a Global Catalog server. If it is not, set it. Let's call that site "Orlando".

If you want computers using a 10.10.10.0/24 subnet to use the DC in the Orlando site, you assign the 10.10.10.0/24 subnet to Orlando site.

If you do not have subnets assigned specifically, the client machines will organically find the DC they feel like using (and it is always the one you don't want them to use).


Sites and Services is your solution. If you don't manage that correctly, no amount of DHCP work will help.
0
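What the accepted answer describes, as an added example that is not part of the original thread: a simplified model of how a client address is matched to a site through subnet objects (the most specific containing subnet wins), used to audit DHCP scopes against a subnet list. Only "Orlando" and 10.10.10.0/24 come from the answer; the other sites, ranges and all function names are assumptions.

```python
import ipaddress

# Constructed sample data. "Orlando" and 10.10.10.0/24 come from the answer
# above; the catch-all range and the other site names are hypothetical.
SUBNET_TO_SITE = {
    "10.10.10.0/24": "Orlando",
    "10.0.0.0/8": "Denver",          # broad subnet object
    "192.168.50.0/24": "Washington",
}


def _networks(subnet_to_site):
    return [(ipaddress.ip_network(c), s) for c, s in subnet_to_site.items()]


def site_for_address(address, subnet_to_site=SUBNET_TO_SITE):
    """Site of the most specific subnet object containing address, else None."""
    ip = ipaddress.ip_address(address)
    hits = [(n, s) for n, s in _networks(subnet_to_site)
            if n.version == ip.version and ip in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def audit_scopes(scopes, expected_site, subnet_to_site=SUBNET_TO_SITE):
    """Label each DHCP scope: ok, wrong-site:<name>, split or unmapped."""
    report = {}
    for scope in scopes:
        net = ipaddress.ip_network(scope)
        same = [(n, s) for n, s in _networks(subnet_to_site)
                if n.version == net.version]
        # A subnet object strictly inside the scope means clients in one
        # scope may resolve to different sites depending on their address.
        inner = [n for n, _ in same if n != net and n.subnet_of(net)]
        outer = [(n, s) for n, s in same if net.subnet_of(n)]
        if inner:
            report[scope] = "split"
        elif not outer:
            report[scope] = "unmapped"   # no subnet object: client has no site
        else:
            site = max(outer, key=lambda h: h[0].prefixlen)[1]
            report[scope] = "ok" if site == expected_site else "wrong-site:" + site
    return report


if __name__ == "__main__":
    # Constructed DHCP scopes for the local site.
    scopes = ["10.10.10.0/24", "10.10.20.0/24", "172.16.5.0/24"]
    for scope, status in audit_scopes(scopes, "Orlando").items():
        print(scope, status)
```

A scope reported as wrong-site or unmapped is the list to hand to whoever manages AD Sites and Services.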
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 24884389
As you can't do it by yourself, ask the networking guys to use AD Sites and Services for configuring the network to have separate sites for Denver and Washington and assign the different subnets to the correct site.
0
 
LVL 1

Expert Comment

by:sporgg
ID: 24894280
Hi there,

If you have a firewall installed on the computers you could set the firewall to deny access to the AD ports on the outside server. This should force the computers to use your local AD server. The ports you would need to restrict are Kerberos: 750 & LDAP: 389. Would recommend testing this out before trying it on a live system.

Regards

Sporgg
0
