Link to home
Create AccountLog in
Avatar of Dewiced
DewicedFlag for Slovenia

asked on

Logon server priorities

First of all happy new year 2011.

I'm searching for a solution. I wan't to set logon priorities on each site within our domain. We have 1 domain, 3 sites with 2 domain controllers each site. So what i want to do is, that i want to set priorities on each site. For example : on site A with 2 domain controllers (primary, secondary) i want to force that workstations try to logon on primary, then secundary logon server on this site. Same goes for all 3 sites. I know it can be done with SRV record priorities, but all i could find is the examples for single site domain. Can someone give me som hint or instruction, how can this be done on multiple domain sites. Oh, domain is Windows 2003, one site with Windows 2008 servers.

thank you.
Avatar of Glen Knight
Glen Knight
Flag of United Kingdom of Great Britain and Northern Ireland image

It can be done with SRV records bit I woukdnt recommend changing these values.

Why do you want to do this? The authentication process doesn't have much overhead and by changing these values you can cause additional problems intour environment.

I have to agree with demazter, but for the sake of a conversation... These are the instructions you found?

If so, those are correct, you'd need to do it for each DC on each site.

I'd have a lot of trouble recommending that, it's such an obscure setting.

Not for points, but just to echo an agreement of what demazter has said...

That is a patently bad idea.  AD actually does a good job of staying within the Site, if set up correctly, so there really isn't enough to be gained to justify the change and the future problems it could cause.

No one mentioned Active Directory Sites and Services.

Configure Active Directory Sites and Services.   Users will always authenticate with the DCs within their own site.  That is what ADS&S is for.  If there is two DCs in the same site then it doesn't matter which of the two they authenticate with,...that is not something you should even worry about.  Regardless of which of the two they log into it still has to replicate to the other one anyway, it is pointless to worry about.

Even if you go monkeying around with forcing some kind of DC preference in some way all you are doing in the end is fouling up the natural order of things with the way AD is supposed to work.

The authors question implied they were set-up and this configuration was to be per pre-configured site. Which is why I didn't touch on that aspect at all :)

pwindle, not to seem too argumentative, but the Author said he had Sites set up, and I also mentioned Sites:

"AD actually does a good job of staying within the Site, if set up correctly" from http:#a34472684

I think all three of us were saying the same thing to the Author: If set up in Sites correctly, there is no need to muck any further.
Sorry,...I thought he meant "physical site",...not an AD thing.  It is hard to tell the difference sometimes.
Well, after taking a look, the Experts previous to you all assumed the Author meant Sites from Sites and Services, and the Author may, well, have meant physical sites.  Your post may have quite a bit of merit if we all assumed the wrong thing. :)

I wouldn't think you were argumentative.  I've been in enough threads with you and Chris that I feel I kinda know you guys,...or at least you aren't "strangers" to me.   :-)
Avatar of Dewiced
Flag of Slovenia image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
sounds like Active Directory Sites and services is not configured correctly and you don't have enough GC's
Agreed... Can you post a shot of your Active Directory Sites and Services configuration, so show each server in its correct site?  Remember you need a GC in each site to reduce cross site chatter...