justin0104
How to ensure users authenticate to a particular domain controller
At our HQ we have two domain controllers, both set up with domain.com (domain = insert company name). We have a branch site that also has a domain controller with the same domain.com, so we see users at our HQ authenticate using the domain controller at our branch site. Obviously this isn't good because it consumes bandwidth on our WAN. What is the best way to keep authentication local to an office, so HQ authenticates to the HQ domain controller and the branch office authenticates to the branch office domain controller?
This is exactly what sites are used for in AD.
You create the new site for the remote branch, associate the subnet and create a site link between HQ and remote. Move that remote DC to that site and clients will use the local DC in their site for authentication (make it a global catalog if it is not)
I have some more steps outlined in some comments here
https://www.experts-exchange.com/questions/24109142/New-Site-in-AD-2003.html
Thanks
Mike
Just to add, make sure the clients at the remote site point to the local domain controller at the remote site for their primary DNS server. DNS and AD Sites & Services will determine which DC to authenticate to.
http://www.comptechdoc.org/os/windows/win2k/win2kadsites.html
You define which IP subnet in your network is handled by which domain controller.
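
The site, subnet, site-link and DNS steps described in the answers above, as an added PowerShell example using the ActiveDirectory module (not code from any poster in this thread). The site names, the DC name `BRANCH-DC01`, the subnets and the link cost and interval are assumptions; substitute your own.

```powershell
# Added example. Assumed values (not from the thread): HQ DCs are still in
# 'Default-First-Site-Name', branch DC is 'BRANCH-DC01', HQ uses 10.10.0.0/24
# and the branch uses 10.20.0.0/24.
Import-Module ActiveDirectory

$hqSite     = 'Default-First-Site-Name'
$branchSite = 'Branch'
$branchDc   = 'BRANCH-DC01'

# 1. Create the site for the remote branch.
New-ADReplicationSite -Name $branchSite

# 2. Associate each office's subnet with its site. A client whose address
#    matches no subnet object cannot work out its site and may be handed
#    a DC from any site, which is the cross-WAN behaviour in the question.
New-ADReplicationSubnet -Name '10.10.0.0/24' -Site $hqSite
New-ADReplicationSubnet -Name '10.20.0.0/24' -Site $branchSite

# 3. Create the site link between HQ and the branch (cost/interval assumed).
New-ADReplicationSiteLink -Name 'HQ-Branch' -SitesIncluded $hqSite, $branchSite `
    -Cost 100 -ReplicationFrequencyInMinutes 60 -InterSiteTransportProtocol IP

# 4. Move the branch DC's server object into the new site.
Move-ADDirectoryServer -Identity $branchDc -Site $branchSite

# 5. Make it a global catalog if it is not: set bit 1 of 'options' on its
#    NTDS Settings object while preserving any other flags already set.
$dc = Get-ADDomainController -Identity $branchDc
if (-not $dc.IsGlobalCatalog) {
    $ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties options
    Set-ADObject -Identity $ntds -Replace @{ options = ([int]$ntds.options -bor 1) }
}

# --- Verification ---
# On a DC or admin host: confirm every client subnet maps to a site.
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# On a client in each office: which site it believes it is in, which DC the
# locator returns, and which DNS servers it queries for the SRV records.
nltest /dsgetsite
nltest /dsgetdc:domain.com
Get-DnsClientServerAddress -AddressFamily IPv4
```

A client caches its site and DC, so re-run the `nltest` checks after a restart or after `nltest /dsgetdc:domain.com /force` to see the new mapping take effect.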