Users at main site are authenticating to remote site's DC

I have a site-to-site tunnel set up. At my remote site I have a DC, DHCP, DNS, & F/P server, specifically for the users located at the remote site. I have noticed that I have users at my main site authenticating to the remote server.

How can I prevent this?  

I would still like the ability for the users at the remote site to authenticate to the main site's DC in the event their server goes down. Is there a way to specify an order in which sites should try servers to authenticate to?
Zorniac Asked:
Larry Larmeu, Principal Consultant, Commented:
Do you have the sites defined in Active directory?
0
Darius Ghassem Commented:
First you need to have a site set up in AD Sites and Services for the remote site. You need to have a Global Catalog at HQ and the remote site. You need to have a local DHCP server at the remote site, or at least have clients pointing to the local Domain Controller as primary for DNS in their TCP/IP properties.
0
Zorniac (Author) Commented:
No, I never set up any sites in AD. I just have all my servers in the Default-First-Site and an OU under that called servers which houses the two DCs at the main site, and the one DC at the remote site. This is the first remote DC we have. So I just create a site in the AD directory Sites and Services.msc. I currently have a GC and DHCP at the main and remote site.

So at the remote site I should have the DHCP server pointing to that DNS server first in the TCP/IP properties? What about for a secondary DNS server, is it okay for those clients to point to the main site's DNS server?
0
Larry Larmeu, Principal Consultant, Commented:
In order for the clients to know what is local to them you have to separate them into sites.  Since it is flat, they don't realize the other server is remote, which is why they are using it.  Define your sites, first, then you will probably want the DC in each respective site to serve as the primary DNS to keep less traffic over the WAN and have faster lookup times.  You should have a global catalog at each site.  These days a lot of people just make all of their DCs global catalogs.
0

Darius Ghassem Commented:
Yes, you would point the secondary to the HQ DNS server for redundancy.
0
Zorniac (Author) Commented:
I created a site for the remote network, and defined the subnet, linking it to the remote site. I haven't moved the server to the newly created remote site. Do I need to do something with Inter-Site Transports to make sure my IP and SMTP traffic continue to flow?
0
Zorniac (Author) Commented:
I moved the server over to the remote site...  I also created a site for the Main site and moved the servers out of the Default First site container.  Is that a bad idea, do I always need to have objects in the default first-site?  

Do I need to configure anything else that will allow the clients at the remote site to authenticate to the main site if the remote DC goes down?
0
Darius Ghassem Commented:
I would leave the HQ servers in the Default site. You can change the name if you want to, but I would leave it alone.
0
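
The site, subnet and server-move steps discussed in this thread, scripted as an added example that is not from any of the posters. It assumes the ActiveDirectory PowerShell module from Windows Server 2012 or later (on Server 2008 the same steps are done in the Active Directory Sites and Services snap-in), that the default site link `DEFAULTIPSITELINK` still exists, and that the site name, subnets and DC name shown are constructed placeholders.

```powershell
# Added example: names and subnets below are constructed placeholders.
Import-Module ActiveDirectory

$remoteSite   = 'Remote-Site'              # hypothetical site name
$hqSite       = 'Default-First-Site-Name'  # HQ DCs stay in the default site
$remoteSubnet = '10.20.0.0/24'             # constructed: remote-site LAN
$hqSubnet     = '10.10.0.0/24'             # constructed: main-site LAN
$remoteDc     = 'REMOTE-DC01'              # hypothetical remote DC name

# 1. Create the remote site if it does not exist, and add it to the default
#    IP site link so replication between the two sites keeps flowing.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$remoteSite'")) {
    New-ADReplicationSite -Name $remoteSite
    Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
        -SitesIncluded @{ Add = $remoteSite }
}

# 2. Map every client subnet to its site. A client whose IP matches no
#    subnet object has no site and may be handed any DC in the domain,
#    which is the behaviour described in the question.
$subnetMap = @{ $remoteSubnet = $remoteSite; $hqSubnet = $hqSite }
foreach ($subnet in $subnetMap.Keys) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
        New-ADReplicationSubnet -Name $subnet -Site $subnetMap[$subnet]
    }
}

# 3. Move the remote DC's server object into the remote site.
$dc = Get-ADDomainController -Identity $remoteDc
if ($dc.Site -ne $remoteSite) {
    Move-ADDirectoryServer -Identity $remoteDc -Site $remoteSite
}

# 4. Review the result: each site should list a DC that is a Global Catalog.
Get-ADDomainController -Filter * |
    Sort-Object Site |
    Format-Table Name, Site, IPv4Address, IsGlobalCatalog -AutoSize

# 5. Run on a client at each location to confirm which site it resolves to
#    and which DC the locator returns for it.
nltest /dsgetsite
nltest "/dsgetdc:$env:USERDNSDOMAIN"
```

If `nltest /dsgetsite` on a main-site client still reports the remote site, check that the client's IP falls inside a subnet object mapped to the main site.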
Windows Server 2008

From novice to tech pro — start learning today.