Wrong 2003 DC Server Processing User Logons

We have several locations that have 2003 Server DCs/DNS/DHCP servers. Our main location, which is supposed to have our Primary and Backup domain controllers, seems to be processing logons from users at other locations. Your primary DC/DNS/AD server should be processing all the logons; however, I see that the backup DC (also a backup DNS/AD/Exchange server) seems to be processing all the user logons.

This seems to be happening at the main site: computers are choosing to log on to SERVERB instead of SERVERA as they are supposed to. Also, computers that are on different subnets, in different geographic locations, appear to be authenticating to SERVERB at the main site, when they should be authenticating to the servers at their location.

Why is this happening, and how do I change it?

Configure AD Sites & Services properly.  Create multiple sites, and then add the proper subnets to each site, and then it will work properly.

Oh, and in the main site, you can't control which DC they authenticate against (not without modifying the registry on each workstation, anyway, which would be bad).

Brian Pierce (Photographer) commented:
When you have a domain with multiple subnets, you should configure the subnets in AD Sites and Services. The DCs should then be allocated to the site. Once you do that, clients will attempt to authenticate with a DC on their own subnet first, and only seek another DC if their own DC is not available.

Incidentally, if you want to make this more efficient, then at least one DC in each subnet should also be a Global Catalog server, and DNS should also be installed in each subnet, with clients configured to use a DNS server in their own subnet as the preferred DNS server.

fireguy1125 (Author) commented:
The subnets have been configured for several years. I just double-checked them and they are all set up correctly with the corresponding server at each subnet. One thing I did notice, however, is that under the main site, the NTDS settings list all the server objects for all the sites, except some are listed as <automatically generated>, one is listed as d4282887-d6d2-4eac-8611-67212e930af4, and the remaining are shown by the DNS server name. The one listed as d428.... is the remote server that should have users authenticating to it, but they are instead authenticating to SERVERB at our main site. Also, running the net session command on SERVERA shows that a few logons came from other subnets.
Have you checked that GCs (global catalogs) are present in all sites?
Also check that in DNS management, under forward lookup zones, in _msdcs.yourdomain/gc/sites....., all global catalogs are correctly listed.
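
The two checks the answers above ask for, sketched as an added example (not code from any poster in this thread): map a client address to its AD site by most-specific subnet, then confirm that site has DC and GC locator SRV records. The subnets, site names, host names and the `example.local` zone are constructed sample data, and a single-domain forest is assumed.

```python
import ipaddress

# Constructed sample: subnet objects and their sites, as in AD Sites and Services.
SUBNETS = {
    "10.1.0.0/16": "Main",
    "10.1.50.0/24": "BranchB",   # more specific range carved out of the Main block
    "10.2.0.0/24": "BranchA",
    "10.3.0.0/24": "BranchB",
}
# Constructed sample: SRV owner names as listed under _msdcs in DNS.
# Assumption: single-domain forest, so domain and forest root share one name.
FOREST = "example.local"
SRV_RECORDS = {
    "_ldap._tcp.main._sites.dc._msdcs.example.local": ["servera", "serverb"],
    "_ldap._tcp.main._sites.gc._msdcs.example.local": ["servera", "serverb"],
    "_ldap._tcp.brancha._sites.dc._msdcs.example.local": ["branch-a-dc"],
    "_ldap._tcp.branchb._sites.dc._msdcs.example.local": ["branch-b-dc"],
    "_ldap._tcp.branchb._sites.gc._msdcs.example.local": ["branch-b-dc"],
}

def site_for_ip(ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(n), s) for n, s in subnets.items()]
    hits = [(net, site) for net, site in nets if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def site_servers(site, role, records=SRV_RECORDS, forest=FOREST):
    """Hosts registered for a site; role is 'dc' or 'gc'. DNS names are case-insensitive."""
    name = f"_ldap._tcp.{site}._sites.{role}._msdcs.{forest}".lower()
    return records.get(name, [])

def audit(client_ips):
    """Report, per client address, the site it maps to and any missing registration."""
    findings = {}
    for ip in client_ips:
        site = site_for_ip(ip)
        if site is None:
            findings[ip] = "no subnet object covers this address"
        elif not site_servers(site, "dc"):
            findings[ip] = f"site {site} has no DC SRV record"
        elif not site_servers(site, "gc"):
            findings[ip] = f"site {site} has no GC SRV record"
        else:
            findings[ip] = f"ok: {site} -> {', '.join(site_servers(site, 'dc'))}"
    return findings

if __name__ == "__main__":
    for ip, result in audit(["10.1.5.20", "10.2.0.7", "10.1.50.3", "192.168.9.4"]).items():
        print(ip, result)
```

On a live domain the same data comes from the subnet objects in AD Sites and Services and from an export of the `_msdcs` zone, substituted for the two sample dictionaries.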

fireguy1125 (Author) commented:
The issue with the particular remote site was that it was not a GC; I checked other sites and some were also not GCs. At the main site, both SERVERA and SERVERB were GCs. Still wondering why SERVERB seems to get more logons than SERVERA though; it would seem that since SERVERB handles more network traffic, as it is also an Exchange server, the logons would go to SERVERA. Thanks to both of you though!