Solved

Windows domain login server

Posted on 2014-01-06
7
430 Views
Last Modified: 2014-01-07
I have four offices, each with their own DC, a mix of 2003 and 2008 servers. They are connected via a hardware VPN. My question is, how can you control what DC they login on in each office? I'm trying to retire an old 2003 server DC in one location, and I have transferred all five FSMO roles to the 2008 server that's been promoted. When I checked one of the users logon server, they showed a server in a remote office as being the logon server, rather than either the old 2003 server or the newly promoted 2008 server in their office. I just want to make sure the newly promoted '08 server is handling logins properly before I demote the old '03 machine. Thx for any help anyone can offer.
0
Comment
Question by:BScott52
  • 4
  • 2
7 Comments
 
LVL 13

Assisted Solution

by:dhoffman_98
dhoffman_98 earned 250 total points
ID: 39759879
You don't have sites set up.

Each office is hopefully on their own subnet, and each subnet should be allocated to a site.
Then when a client machine is attempting to authenticate to a domain controller, it will prefer to contact a domain controller that is in the same site.

If a DC in the same site is not available, THEN it will traverse the network to talk to a remote one. But if you have one on the same site, then why waste the bandwidth and latency to talk to a remote location?
0
 

Author Comment

by:BScott52
ID: 39759914
That's what I'm puzzled about. Each office is on a different subnet, which the VPN requires.
The local subnet of the office I'm doing the work is on a 192.168.99.x subnet, and the user in that office that I checked had logged into the DC in an office with a 2.x subnet. I don't understand why. Thx.
0
 

Author Comment

by:BScott52
ID: 39759917
Not sure what you mean by not having the sites set up.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 13

Expert Comment

by:dhoffman_98
ID: 39759942
You have to go into Active Directory Site and Subnets and create an actual SITE for each location. Otherwise, there is nothing that prevents a machine in Los Angeles from connecting to a domain controller in Australia.

You identify a Los Angeles site and you attribute the subnet for the Los Angeles location to that site. Then when the machine comes online and gets its IP address and queries the domain for a domain controller to authenticate against, it can connect to the domain controller in Los Angeles.

http://technet.microsoft.com/en-us/library/bb727051.aspx
0
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 250 total points
ID: 39759953
you have to go into AD Sites and Services and define sites there
you create subnets that exist in each site then associate that subnet with the appropriate site
the servers will then be part of that AD site and create site connections automatically for replication

computers will find a domain controller to authenticate with that's in the same site
if there are no domain controllers in a site then it will find other domain controllers in other sites which (depending on your topology) could cause network latency

your local office should be defined and associated with the 192.168.99.0 subnet while the other office would be a different site associated with the 192.168.2.0 subnet.

here is more documentation explaining everything
for this exercise, you want to focus on the second section "configure an additional site"

Active Directory Sites and Services
http://technet.microsoft.com/en-us/library/cc730868.aspx
0
 

Author Comment

by:BScott52
ID: 39759969
Wow, after all these years I can't believe I didn't know that. I'll take care of it. Thanks to both for your help.
0
 

Author Comment

by:BScott52
ID: 39763996
Thanks to you both for your assistance. Sorry for the delay in closing this out.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
A procedure for exporting installed hotfix details of remote computers using powershell
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now