Solved

Windows domain login server

Posted on 2014-01-06
Last Modified: 2014-01-07
I have four offices, each with their own DC, a mix of 2003 and 2008 servers. They are connected via a hardware VPN. My question is, how can you control what DC they log in on in each office? I'm trying to retire an old 2003 server DC in one location, and I have transferred all five FSMO roles to the 2008 server that's been promoted. When I checked one of the users' logon server, they showed a server in a remote office as being the logon server, rather than either the old 2003 server or the newly promoted 2008 server in their office. I just want to make sure the newly promoted '08 server is handling logins properly before I demote the old '03 machine. Thx for any help anyone can offer.
0
Comment
Question by:BScott52
7 Comments
 
LVL 13

Assisted Solution

by:dhoffman_98
dhoffman_98 earned 1000 total points
ID: 39759879
You don't have sites set up.

Each office is hopefully on their own subnet, and each subnet should be allocated to a site.
Then when a client machine is attempting to authenticate to a domain controller, it will prefer to contact a domain controller that is in the same site.

If a DC in the same site is not available, THEN it will traverse the network to talk to a remote one. But if you have one on the same site, then why waste the bandwidth and latency to talk to a remote location?
0
 

Author Comment

by:BScott52
ID: 39759914
That's what I'm puzzled about. Each office is on a different subnet, which the VPN requires.
The local subnet of the office I'm doing the work is on a 192.168.99.x subnet, and the user in that office that I checked had logged into the DC in an office with a 2.x subnet. I don't understand why. Thx.
0
 

Author Comment

by:BScott52
ID: 39759917
Not sure what you mean by not having the sites set up.
0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 39759942
You have to go into Active Directory Site and Subnets and create an actual SITE for each location. Otherwise, there is nothing that prevents a machine in Los Angeles from connecting to a domain controller in Australia.

You identify a Los Angeles site and you attribute the subnet for the Los Angeles location to that site. Then when the machine comes online and gets its IP address and queries the domain for a domain controller to authenticate against, it can connect to the domain controller in Los Angeles.

http://technet.microsoft.com/en-us/library/bb727051.aspx
0
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 1000 total points
ID: 39759953
you have to go into AD Sites and Services and define sites there
you create subnets that exist in each site then associate that subnet with the appropriate site
the servers will then be part of that AD site and create site connections automatically for replication

computers will find a domain controller to authenticate with that's in the same site
if there are no domain controllers in a site then it will find other domain controllers in other sites which (depending on your topology) could cause network latency

your local office should be defined and associated with the 192.168.99.0 subnet while the other office would be a different site associated with the 192.168.2.0 subnet.

here is more documentation explaining everything
for this exercise, you want to focus on the second section "configure an additional site"

Active Directory Sites and Services
http://technet.microsoft.com/en-us/library/cc730868.aspx
0
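
The steps from the answers above (define a site per office, attach each office's subnet, then confirm which DC a client picks), as an added PowerShell example that is not part of the original thread. The site names, `DC-NEW` and `example.local` are placeholders, and the two subnets are the ones named in the thread, assumed here to be /24. It assumes the ActiveDirectory module from RSAT for Windows Server 2012 or later, with Active Directory Web Services reachable on a DC.

```powershell
# Added example, not from the thread. Site names, DC name and domain name are
# placeholders (assumptions); the /24 prefix length is also an assumption.
Import-Module ActiveDirectory

$sites = @{
    'Office-Local'  = '192.168.99.0/24'   # office where the 2003 DC is being retired
    'Office-Remote' = '192.168.2.0/24'    # remote office the user was logging on to
}

foreach ($siteName in $sites.Keys) {
    $subnet = $sites[$siteName]

    # Create the site only if it does not exist yet
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
        New-ADReplicationSite -Name $siteName
    }
    # Create the subnet object and associate it with the site
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$subnet'")) {
        New-ADReplicationSubnet -Name $subnet -Site $siteName
    }
}

# Review the resulting subnet-to-site mapping
Get-ADReplicationSubnet -Filter * | Format-Table Name, Site -AutoSize

# Check which site each DC's server object currently sits in
Get-ADDomainController -Filter * |
    Sort-Object Site |
    Format-Table Name, Site, IPv4Address, OperatingSystem -AutoSize

# If a DC is listed under the wrong site, move its server object, for example:
# Move-ADDirectoryServer -Identity 'DC-NEW' -Site 'Office-Local'

# On a DC: clients whose IP address matches no subnet object are logged by
# Netlogon as NO_CLIENT_SITE; any hits here are subnets still missing a site.
Select-String -Path "$env:SystemRoot\debug\netlogon.log" -Pattern 'NO_CLIENT_SITE' |
    Select-Object -Last 20 -ExpandProperty Line

# On a client in the local office, before demoting the old DC:
nltest /dsgetsite                      # site the client resolved from its IP
nltest /dsgetdc:example.local /force   # DC the locator picks after a fresh lookup
$env:LOGONSERVER                       # DC that handled the current logon session
```

`LOGONSERVER` reflects the DC used at the last logon, so have the user log off and back on after the site change before reading it.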
 

Author Comment

by:BScott52
ID: 39759969
Wow, after all these years I can't believe I didn't know that. I'll take care of it. Thanks to both for your help.
0
 

Author Comment

by:BScott52
ID: 39763996
Thanks to you both for your assistance. Sorry for the delay in closing this out.
0
