How to ensure users authenticate to a particular domain controller

Posted on 2011-05-06
Last Modified: 2012-05-11
At our HQ we have two domain controllers; both are set up with domain.com (domain = insert company name). We have a branch site that also has a domain controller with the same domain.com, so we see users at our HQ authenticate using the domain controller at our branch site. Obviously this isn't good because it consumes bandwidth on our WAN. What is the best way to keep authentication local to an office, so HQ authenticates to the HQ domain controller and branch office authenticates to the branch office domain controller?
Question by:justin0104
4 Comments
 

Expert Comment

by:merowinger
ID: 35709174
AD Sites is the keyword.
http://www.comptechdoc.org/os/windows/win2k/win2kadsites.html
You define which IP subnet in your network is handled by which domain controller.

Expert Comment

by:Mike Kline
ID: 35709177
This is exactly what sites are used for in AD.

You create the new site for the remote branch, associate the subnet and create a site link between HQ and remote. Move that remote DC to that site and clients will use the local DC in their site for authentication (make it a global catalog if it is not).

I have some more steps outlined in some comments here

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24109142.html

Thanks

Mike

Expert Comment

by:Darius Ghassem
ID: 35710231
Just to add, make sure the clients at the remote site point to the local Domain Controller at the remote site for their primary DNS server. DNS and AD Sites & Services will determine which DC to authenticate to.

Accepted Solution

by:Awinish
ID: 35712672
When a user logs into the domain, it contacts DNS using the DC locator process for SRV records & GC to determine site info, the IP of a DC in the site & the DC providing AD services.
DClocator process in detail
http://support.microsoft.com/kb/314861
http://blogs.technet.com/b/askds/archive/2008/09/24/domain-locator-across-a-forest-trust.aspx

If DNS & subnets are not properly defined & configured, then it creates such an issue, & you don't need to do any other manual steps apart from pointing the client to the local DC as preferred DNS in their NIC & the alternate DNS server as another available DNS in their NIC. Also, create a subnet, map the subnet to the correct site & create a site link with the DC in the site.
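
The answers above all depend on each client address falling inside a subnet that is mapped to the right site. The following is an added example, not code from the thread, that resolves a client IP to its site the way overlapping subnet definitions are resolved (most specific subnet wins) and flags logons served by a DC in another site. All subnets, site names and addresses are constructed, and the function names are hypothetical.

```powershell
# Added example: constructed subnets, site names and addresses (IPv4 only).
# To use live data (assumes the ActiveDirectory module, Server 2012 or later):
#   $subnets = Get-ADReplicationSubnet -Filter * | ForEach-Object {
#       @{ Cidr = $_.Name; Site = ($_.Site -split ',')[0] -replace '^CN=' } }
$subnets = @(
    @{ Cidr = '10.1.0.0/16';  Site = 'HQ' },
    @{ Cidr = '10.2.0.0/24';  Site = 'Branch' },
    @{ Cidr = '10.1.50.0/24'; Site = 'Branch' }    # more specific than the HQ /16
)

# Dotted-quad IPv4 address -> integer, so subnet membership is plain arithmetic.
function ConvertTo-AddressNumber([string]$Ip) {
    [long]$n = 0
    foreach ($b in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) { $n = $n * 256 + $b }
    $n
}

# Return the site of the most specific subnet containing $Ip, or nothing if none does.
function Get-SiteForAddress([string]$Ip, $Subnets) {
    $best = $null
    foreach ($s in $Subnets) {
        $net, $prefix = $s.Cidr -split '/'
        $block = [math]::Pow(2, 32 - [int]$prefix)     # addresses in this subnet
        $inSubnet = [math]::Floor((ConvertTo-AddressNumber $Ip) / $block) -eq
                    [math]::Floor((ConvertTo-AddressNumber $net) / $block)
        if ($inSubnet -and (-not $best -or [int]$prefix -gt $best.Prefix)) {
            $best = @{ Site = $s.Site; Prefix = [int]$prefix }
        }
    }
    if ($best) { $best.Site }
}

# Constructed sample: client address and the site of the DC that authenticated it.
$logons = @(
    @{ Client = '10.1.4.20'; DcSite = 'Branch' },   # HQ client served over the WAN
    @{ Client = '10.1.50.7'; DcSite = 'Branch' },   # /24 overrides the HQ /16
    @{ Client = '10.2.0.31'; DcSite = 'Branch' },
    @{ Client = '10.3.7.9';  DcSite = 'HQ' }        # address not covered by any subnet
)
foreach ($l in $logons) {
    $site = Get-SiteForAddress $l.Client $subnets
    $status = if (-not $site) { 'NO SUBNET DEFINED' }
              elseif ($site -ne $l.DcSite) { 'CROSS-SITE' } else { 'local' }
    '{0,-12} site={1,-8} dc-site={2,-8} {3}' -f $l.Client, $site, $l.DcSite, $status
}
```

On a client, `nltest /dsgetdc:domain.com` shows the real values to compare: "Dc Site Name" is the site of the DC that answered and "Our Site Name" is the site the client was placed in.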
