Active Directory Sites and Services and user authentication

We have 2 sites in our AD domain. In Sites and Services we have 2 sites set up. Site A has 1 domain controller and has network 10.1.10.0/24, GC activated.
Site B has 1 domain controller and has network 192.168.37.0/24, GC activated.
Users who authenticate at Site B lose their domain controller. Would these users from Site B go to Site A for authentication?
hbpub Asked:

Mike Kline Commented:
Are they using static IPs, or would they get a new IP (DHCP) when they go to the new site?

Thanks

Mike
0
alicain Commented:
Assuming that the client devices in site B are able to communicate with DNS (i.e. the DNS client is configured and there is network connectivity) and DNS has all the correct records published for the DC in site A, then yes.

Are there things that can be misconfigured to prevent that from happening seamlessly - yes...

Regards,
Alastair.
0
Life1430 Commented:
Clients in site A should point to the DC located in the 10.1.10.0/24 subnet, and clients in site B should point to the DC located in the 10.1.10.0/24 subnet, in their primary DNS settings (whether on DHCP or static).
Run "Set l" on clients to see where they are being authenticated.
Additionally, run dcdiag /q and repadmin /replsum on the suspected DC to look for any errors.

Additionally, see the article below to learn more about the Domain Controller Locator process.

Domain Controller Locator : an overview
http://blogs.technet.com/b/arnaud_jumelet/archive/2010/07/05/domain-controller-locator-an-overview.aspx
0
piattnd Commented:
Check this blog site out.  It explains your question above and explains how to use a "catch-all subnet" to control where these attempts will go.

If you only have 2 sites, this may be unnecessary.  If you ever grow or have more than 2 sites, this may become more applicable.

http://technet.microsoft.com/en-us/magazine/2009.06.subnets.aspx
0
Sandeshdubey (Senior Server Engineer) Commented:
"Users who authenticate at Site B lose domain controller. Would these users from Site B go to Site A for Authentication?"
Yes, if one DC fails, the client will look for another DC, assuming DNS is set correctly.

Ensure the DNS settings on the client are correct, as below.
1. Each workstation/member server should point to the local DNS server as primary DNS and other remote DNS servers as secondary.
2. Do not set a public DNS server in the TCP/IP settings of a client/member server.

See the link below too.

The DC Locator Process, The Logon Process, Controlling Which DC Responds in an AD Site, and SRV Records: http://msmvps.com/blogs/acefekay/archive/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records.aspx
0
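
The site lookup and failover discussed in the answers above, as an added example that is not part of the original thread: a simplified Python model of how a client IP is matched to the most specific subnet object and how DC selection falls back to another site when the local DC is offline. The site names, DC names and the catch-all subnet are constructed for illustration, and DNS priorities, weights and caching are left out.

```python
import ipaddress

# Constructed model of the thread's two-site topology.
# Site names, DC names and the /16 catch-all entry are hypothetical.
SUBNETS = {                      # subnet objects in Sites and Services -> site
    "10.1.10.0/24": "SiteA",
    "192.168.37.0/24": "SiteB",
    "192.168.0.0/16": "SiteA",   # example "catch-all" subnet
}
DCS = {"SiteA": ["dc-a"], "SiteB": ["dc-b"]}   # DCs registered per site


def site_for_ip(ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(net), site)
               for net, site in subnets.items()
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None                       # client IP is not mapped to any site
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def srv_queries(domain, site):
    """SRV names in lookup order: site-specific first, then domain-wide."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names


def locate_dc(ip, online, dcs=DCS):
    """Pick a DC: an online DC in the client's own site, else any online DC."""
    site = site_for_ip(ip)
    in_site = [dc for dc in dcs.get(site, []) if dc in online]
    if in_site:
        return site, in_site[0], "in-site"
    anywhere = sorted(dc for members in dcs.values()
                      for dc in members if dc in online)
    if anywhere:
        return site, anywhere[0], "fallback"
    return site, None, "none"             # no DC reachable: logon fails


if __name__ == "__main__":
    print(locate_dc("192.168.37.25", online={"dc-a", "dc-b"}))
    print(locate_dc("192.168.37.25", online={"dc-a"}))   # Site B DC is down
    print(srv_queries("example.test", "SiteB"))
```

The fallback case only succeeds in practice when the client can still resolve the domain-wide SRV records, which is why the answers stress a reachable secondary DNS server.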
reynoldsradisson Commented:
Please take this as a basic guide...

Read this technet post and understand it before proceeding- http://technet.microsoft.com/en-us/library/cc730868.aspx

1- Add the remote site subnet in AD sites and services on your existing DC (see http://technet.microsoft.com/en-us/library/cc730718.aspx for a checklist)

2- Promote the server at the remote site to a DC (make sure all the forest functional level etc. is correct BEFORE this step)

3- Verify your intersite replication schedule (http://technet.microsoft.com/en-us/library/cc726020.aspx)

4- Run dcdiag on the HQ LAN and the remote office LAN to check functionality

5- Make a change to an account at HQ and verify that it is replicated according to the schedule in step 3

6- Make a change on the remote DC and verify that it is replicated correctly to the HQ DC (provided you did not set up a read-only DC for the remote office).
0