Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows domain login server

Posted on 2014-01-06
7
Medium Priority
?
451 Views
Last Modified: 2014-01-07
I have four offices, each with their own DC, a mix of 2003 and 2008 servers. They are connected via a hardware VPN. My question is, how can you control what DC they login on in each office? I'm trying to retire an old 2003 server DC in one location, and I have transferred all five FSMO roles to the 2008 server that's been promoted. When I checked one of the users logon server, they showed a server in a remote office as being the logon server, rather than either the old 2003 server or the newly promoted 2008 server in their office. I just want to make sure the newly promoted '08 server is handling logins properly before I demote the old '03 machine. Thx for any help anyone can offer.
0
Comment
Question by:BScott52
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 13

Assisted Solution

by:dhoffman_98
dhoffman_98 earned 1000 total points
ID: 39759879
You don't have sites set up.

Each office is hopefully on their own subnet, and each subnet should be allocated to a site.
Then when a client machine is attempting to authenticate to a domain controller, it will prefer to contact a domain controller that is in the same site.

If a DC in the same site is not available, THEN it will traverse the network to talk to a remote one. But if you have one on the same site, then why waste the bandwidth and latency to talk to a remote location?
0
 

Author Comment

by:BScott52
ID: 39759914
That's what I'm puzzled about. Each office is on a different subnet, which the VPN requires.
The local subnet of the office I'm doing the work is on a 192.168.99.x subnet, and the user in that office that I checked had logged into the DC in an office with a 2.x subnet. I don't understand why. Thx.
0
 

Author Comment

by:BScott52
ID: 39759917
Not sure what you mean by not having the sites set up.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 13

Expert Comment

by:dhoffman_98
ID: 39759942
You have to go into Active Directory Site and Subnets and create an actual SITE for each location. Otherwise, there is nothing that prevents a machine in Los Angeles from connecting to a domain controller in Australia.

You identify a Los Angeles site and you attribute the subnet for the Los Angeles location to that site. Then when the machine comes online and gets its IP address and queries the domain for a domain controller to authenticate against, it can connect to the domain controller in Los Angeles.

http://technet.microsoft.com/en-us/library/bb727051.aspx
0
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 1000 total points
ID: 39759953
you have to go into AD Sites and Services and define sites there
you create subnets that exist in each site then associate that subnet with the appropriate site
the servers will then be part of that AD site and create site connections automatically for replication

computers will find a domain controller to authenticate with that's in the same site
if there are no domain controllers in a site then it will find other domain controllers in other sites which (depending on your topology) could cause network latency

your local office should be defined and associated with the 192.168.99.0 subnet while the other office would be a different site associated with the 192.168.2.0 subnet.

here is more documentation explaining everything
for this exercise, you want to focus on the second section "configure an additional site"

Active Directory Sites and Services
http://technet.microsoft.com/en-us/library/cc730868.aspx
0
 

Author Comment

by:BScott52
ID: 39759969
Wow, after all these years I can't believe I didn't know that. I'll take care of it. Thanks to both for your help.
0
 

Author Comment

by:BScott52
ID: 39763996
Thanks to you both for your assistance. Sorry for the delay in closing this out.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question