Users at main site are authenticating to remote site's DC

I have a site-to-site tunnel set up. At my remote site I have a DC, DHCP, DNS, & F/P server, specifically for the users located at the remote site. I have noticed that I have users at my main site authenticating to the remote server.

How can I prevent this?  

I would still like the ability for the users at the remote site to authenticate to the main site's DC in the event their server goes down. Is there a way to specify the order of servers that sites should try to authenticate to?
Zorniac Asked:
 
Larry Larmeu, Principal Consultant, Commented:
In order for the clients to know what is local to them, you have to separate them into sites. Since it is flat, they don't realize the other server is remote, which is why they are using it. Define your sites first; then you will probably want the DC in each respective site to serve as the primary DNS to keep less traffic over the WAN and have faster lookup times. You should have a global catalog at each site. These days a lot of people just make all of their DCs global catalogs.
0
 
Larry Larmeu, Principal Consultant, Commented:
Do you have the sites defined in Active Directory?
0
 
Darius Ghassem Commented:
First you need to have a site set up in AD Sites and Services for the remote site. You need to have a Global Catalog at HQ and the remote site. You need to have a local DHCP server at the remote site or have at least clients pointing to the local Domain Controller as primary for DNS in their TCP/IP properties.
0
 
Zorniac (Author) Commented:
No, I never set up any sites in AD. I just have all my servers in the Default-First-Site and an OU under that called servers which houses the two DCs at the main site, and the one DC at the remote site. This is the first remote DC we have. So I just create a site in the AD directory Sites and Services.msc. I currently have a GC and DHCP at the main and remote site.

So at the remote site I should have the DHCP server pointing to that DNS server first in the TCP/IP properties? What about for a secondary DNS server, is it okay for those clients to point to the main site's DNS server?
0
 
Darius Ghassem Commented:
Yes, you would point the secondary to the HQ DNS server for redundancy.
0
 
Zorniac (Author) Commented:
I created a site for the remote network, and defined the subnet, linking it to the remote site. I haven't moved the server to the newly created remote site. Do I need to do something with Inter-Site Transports to make sure my IP and SMTP traffic continue to flow?
0
 
Zorniac (Author) Commented:
I moved the server over to the remote site... I also created a site for the Main site and moved the servers out of the Default First site container. Is that a bad idea? Do I always need to have objects in the default first-site?

Do I need to configure anything else that will allow the clients at the remote site to authenticate to the main site if the remote DC goes down?
0
 
Darius Ghassem Commented:
I would leave the HQ servers in the Default site. You can change the name if you want to, but I would leave it alone.
0
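One way to check the site and subnet setup discussed in this thread, as an added example that is not from any of the posters: it maps an address to an AD site by longest matching subnet and flags DCs whose own address maps to a different site or to no subnet at all. It assumes the RSAT ActiveDirectory module and IPv4 subnets; the client address at the end is a constructed placeholder.

```powershell
# Added example; run from a machine with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# True when an IPv4 address falls inside a CIDR block such as 10.20.0.0/24.
function Test-IPv4InSubnet {
    param([string]$Address, [string]$Cidr)
    $network, $bits = $Cidr -split '/'
    $toNumber = {
        param($ip)
        $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        [Array]::Reverse($bytes)                  # network order -> little endian
        [double][BitConverter]::ToUInt32($bytes, 0)
    }
    $block = [math]::Pow(2, 32 - [int]$bits)     # addresses per block of this size
    [math]::Floor((& $toNumber $Address) / $block) -eq
        [math]::Floor((& $toNumber $network) / $block)
}

# Site an address maps to: the most specific (longest prefix) subnet wins.
function Get-SiteForAddress {
    param([string]$Address)
    Get-ADReplicationSubnet -Filter * |
        Where-Object { $_.Name -notmatch ':' -and (Test-IPv4InSubnet $Address $_.Name) } |
        Sort-Object { [int]($_.Name -split '/')[1] } -Descending |
        Select-Object -First 1 -Property Name, Site
}

# Every DC should sit in the site that its own subnet maps to.
Get-ADDomainController -Filter * | ForEach-Object {
    $hit = Get-SiteForAddress $_.IPv4Address
    $mapped = if ($hit) { ($hit.Site -split ',')[0] -replace '^CN=' } else { '(no subnet)' }
    [pscustomobject]@{
        DC = $_.Name; Site = $_.Site; SubnetMapsTo = $mapped
        GlobalCatalog = $_.IsGlobalCatalog; Consistent = ($mapped -eq $_.Site)
    }
} | Format-Table -AutoSize

# On a workstation: the site the client believes it is in, and the DC it used.
nltest /dsgetsite
"Logon server: $env:LOGONSERVER"
Get-SiteForAddress '10.20.0.57'   # constructed client address
```

A client address that returns nothing from `Get-SiteForAddress` has no subnet defined for it, which is the flat condition described in the first answer.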
Question has a verified solution.
