How to ensure users authenticate to a particular domain controller

Posted on 2011-05-06
Last Modified: 2012-05-11
At our HQ we have two domain controllers; both are set up with (domain = insert company name). We have a branch site that also has a domain controller with the same, so we see users at our HQ authenticate using the domain controller at our branch site. Obviously this isn't good because it consumes bandwidth on our WAN. What is the best way to keep authentication local to an office, so HQ authenticates to the HQ domain controller and branch office authenticates to the branch office domain controller?
Question by:justin0104
    LVL 31

    Expert Comment

    AD Sites is the keyword.
    You define which IP subnet in your network is handled by which domain controller.
    LVL 57

    Expert Comment

    by:Mike Kline
    This is exactly what sites are used for in AD.

    You create the new site for the remote branch, associate the subnet and create a site link between HQ and remote. Move that remote DC to that site and clients will use the local DC in their site for authentication (make it a global catalog if it is not).

    I have some more steps outlined in some comments here


    LVL 59

    Expert Comment

    by:Darius Ghassem
    Just to add, make sure the clients at the remote site point to the local Domain Controller at the remote site for their primary DNS server. DNS and AD Sites & Services will determine which DC to authenticate to.
    LVL 24

    Accepted Solution

    When a user logs into the domain, it contacts DNS using the DClocator process for SRV records & GC to determine site info, IP of the DC in the site & the DC providing AD services.
    DClocator process in detail

    If DNS & subnets are not properly defined & configured then it creates such an issue, & you don't need to do any other manual steps apart from pointing the client to the local DC as preferred DNS in their NIC & alternate DNS server as other available DNS in their NIC. Also, create a subnet, map the subnet with the correct site & create a site link with the DC in the site.
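
The procedure the answers above describe (create the branch site, map each subnet to its site, add a site link, move the branch DC, then confirm from a client), as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory module is available and that a site named HQ already exists; the site names, subnets, link name, DC name, cost and replication interval are placeholders.

```powershell
# Added example, not from the thread. All names and addresses are placeholders.
Import-Module ActiveDirectory

$hqSite       = 'HQ'            # assumed to exist already
$branchSite   = 'Branch'        # hypothetical site name
$hqSubnet     = '10.1.0.0/24'   # constructed HQ client subnet
$branchSubnet = '10.2.0.0/24'   # constructed branch client subnet
$branchDC     = 'BRANCH-DC01'   # hypothetical branch domain controller

# 1. Create the branch site if it is not there yet.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$branchSite'")) {
    New-ADReplicationSite -Name $branchSite
}

# 2. Map every client subnet to its site. A client whose address falls in
#    no subnet object has no site and may be handed any DC in the domain.
New-ADReplicationSubnet -Name $hqSubnet     -Site $hqSite
New-ADReplicationSubnet -Name $branchSubnet -Site $branchSite

# 3. Link the two sites so replication follows the WAN link.
New-ADReplicationSiteLink -Name 'HQ-Branch' `
    -SitesIncluded $hqSite, $branchSite `
    -InterSiteTransportProtocol IP `
    -Cost 100 -ReplicationFrequencyInMinutes 180

# 4. Move the branch DC's server object into the branch site.
Move-ADDirectoryServer -Identity $branchDC -Site $branchSite

# 5. Confirm the branch DC is a global catalog, as the thread recommends.
(Get-ADDomainController -Identity $branchDC).IsGlobalCatalog

# 6. Audit the result: every subnet should list the site you expect.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# --- Run the checks below on a client PC in each office ---

# Site the client believes it is in (should match its office).
nltest /dsgetsite

# DC that the DC locator returns for this client, with that DC's site.
nltest "/dsgetdc:$($env:USERDNSDOMAIN)"

# DC that handled the current logon session.
$env:LOGONSERVER

# DNS servers on the NIC: the local DC should be listed first.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses
```

If `nltest /dsgetsite` on a client reports the wrong site or none, the client's subnet is missing or mapped to the wrong site in step 2.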

