• Status: Solved

How to selectively choose the DC for all the domain logon

This is using a Windows 2003 AD domain. There are 2 DCs. Is there any setting so that 1 DC is most preferred to be the authentication server for all the client workstation logons?
Asked by: Balack
 
Glen Knight Commented:
No, if you don't want the other to be used then make sure it's not a Global Catalogue server.

In Active Directory Sites and Services, expand the DC you don't want used, right-click NTDS Settings, select Properties and uncheck the box for Global Catalogue.
 
Balack (Author) Commented:
Does it mean that a DC w/o the GC role will not be able to authenticate clients?
 
Glen Knight Commented:
Not really, it just means if a request is made to that server it will be passed on to the GC.

To be honest it's not worth doing because the overhead is minimal compared to not having them both as GC's.

In a single domain environment it makes absolutely no difference and there is no benefit to not having all your DC's as GC's.
 
Balack (Author) Commented:
There is a simple test I want to clarify. Among these 2 DCs, one is W2k and the other W2k3. Among the client workstations, some of them are W2k Prof. I want to test whether the W2k DC can authenticate a W2k Prof client workstation without problems. Do you have any suggestions?
 
Glen Knight Commented:
There is absolutely no reason why they wouldn't be able to authenticate users.
 
KCTS Commented:
If you remove the Global Catalog from one server, then it will not be able to authenticate clients should the other DC fail, so this is a BAD idea. There is absolutely no overhead in a single domain to have all DCs as global catalogs.
If you want clients to be able to log on if any DC fails then:
1. Both DCs must be Global Catalog servers
2. Both DCs must also have DNS
3. If you are using DHCP, then this should be enabled on both DCs (with non-overlapping scopes)
4. Clients should have their DNS server settings (preferred and alternate) set to point to both DCs

To test, simply switch off one DC and then boot and try to log on with a client.
 
JonasHaglund Commented:
The simplest way is to just disable the netlogon service on one of the DC's while you're testing.
 
Glen Knight Commented:
I am pretty sure that will result in a failed login rather than forcing it to use the other DC!
 
KCTS Commented:
If you really must change the DC priority (which I doubt) then the official way to do it is to change the weight for DNS SRV records by using the registry (this is from http://technet.microsoft.com/en-us/library/cc737541(WS.10).aspx)

1. In the Run dialog box, type regedit, and press ENTER.

2. In the registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.

3. Click Edit, click New, and then click DWORD value.

4. For the new entry name, type LdapSrvWeight and press ENTER. (The value name is not case sensitive.)

5. Double-click the entry name you just typed to open the Edit DWORD Value dialog box.

6. Choose Decimal as the Base option.

7. Enter a value from 0 through 65535. The recommended value is 50.

8. Click OK.

9. Click File, and then click Exit to close the registry editor.

Adjusting the priority of the domain controller also reduces the number of client referrals. However, rather than reducing it proportionally to the other domain controllers, changing the priority causes DNS to stop referring all clients to this domain controller unless all domain controllers with a lower priority setting are unavailable.
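How SRV weight and priority differ in practice, as an added illustration that is not part of the original thread: a simulation of the RFC 2782 ordering a client applies to a set of SRV records, counting how often each DC is contacted first. The host names and record sets are constructed, and weight 100 with priority 0 is assumed as the default registration.

```python
import random
from collections import Counter

# Constructed SRV record sets (target, priority, weight); host names are
# hypothetical. Weight 100 / priority 0 are assumed to be the defaults.
DEFAULT = [("dc1.example.local", 0, 100), ("dc2.example.local", 0, 100)]
WEIGHTED = [("dc1.example.local", 0, 100), ("dc2.example.local", 0, 50)]
PRIORITIZED = [("dc1.example.local", 0, 100), ("dc2.example.local", 10, 100)]


def order_srv(records, rng, available=None):
    """Return targets in the order an RFC 2782 client would try them."""
    if available is not None:
        records = [r for r in records if r[0] in available]
    ordered = []
    # Lower priority value wins outright; weight only matters inside a tier.
    for prio in sorted({r[1] for r in records}):
        group = [r for r in records if r[1] == prio]
        while group:
            total = sum(r[2] for r in group)
            pick = rng.randint(0, total)
            running = 0
            # RFC 2782: zero-weight records go first, then walk the running sum.
            for rec in sorted(group, key=lambda r: r[2] != 0):
                running += rec[2]
                if running >= pick:
                    ordered.append(rec[0])
                    group.remove(rec)
                    break
    return ordered


def first_choice_share(records, trials=20000, seed=1, available=None):
    """Fraction of simulated lookups in which each DC is contacted first."""
    rng = random.Random(seed)
    firsts = Counter(order_srv(records, rng, available)[0] for _ in range(trials))
    return {host: count / trials for host, count in firsts.items()}


if __name__ == "__main__":
    print("default    ", first_choice_share(DEFAULT))
    print("weight 50  ", first_choice_share(WEIGHTED))
    print("priority 10", first_choice_share(PRIORITIZED))
    print("dc1 offline", first_choice_share(PRIORITIZED,
                                            available={"dc2.example.local"}))
```

With equal priorities, lowering one DC's weight to 50 only shifts the share of first contacts toward the other DC; a higher priority value removes the DC from first contact entirely until the preferred one is unavailable.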
 
Balack (Author) Commented:
Excellent.