I have four offices, each with their own DC, a mix of 2003 and 2008 servers. They are connected via a hardware VPN. My question is, how can you control what DC they login on in each office? I'm trying to retire an old 2003 server DC in one location, and I have transferred all five FSMO roles to the 2008 server that's been promoted. When I checked one of the users logon server, they showed a server in a remote office as being the logon server, rather than either the old 2003 server or the newly promoted 2008 server in their office. I just want to make sure the newly promoted '08 server is handling logins properly before I demote the old '03 machine. Thx for any help anyone can offer.