Why Are My Users Not Logged-on to a Local DC?

Hi Experts,

Most of my users are logged on to a DC at a remote site instead of their local DCs (some DC's are hundreds of miles away)?  What caused this and why please, and how to correct this problem?  Thanks.
swgitIT ProfessionalAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joshua GrantomSenior Systems AdministratorCommented:
I would check your DHCP Scopes to see what your DNS and default gateways are set to?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Do you have your sites set up correctly in Active Directory:

An AD site should contain all subnets in that particular site(normally a geographical location), and the Domain Controller(s) for that particular site. That way, all clients in a site know which DCs to connect to. You can also configure site links and assign them network cost... this way you can control which DCs your clients connect to if the DC(s) in their own sites are offline for whatever reason.
FYI: Correctly configuring your AD sites also helps you control your replication traffic, as the DCs also use the links that you define and determine who they replicate with based on the network cost that you assign to the site links.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

swgitIT ProfessionalAuthor Commented:
@Joshua and Spyder2010 -- I'm still looking into this.. will let you know soon.  Thanks.
The default, out-of-the-box configuration for AD is just one site, I think it's called 'Default-First-Site-Name' or something like that. All DCs are put in this site, and this site acts as an 'if all else fails' bucket... meaning that if a subnet is not defined in any other site(out of the box there are no other sites), it will default to be included in the Default-First-Site-Name. So if no one has configured your AD sites, you end up with all DCs and all subnets in one site, where any client can connect to any DC in the domain, with no consideration as to physical locations, network cost, etc...

If this is the case, and you have a geographically disperse network, you should spend some time planning which DCs you want to replicate with each other, and which sets of clients should be connected to which DC(s). Once you have your topology plan in place, it is fairly easy to create the sites and links, and define the subnets in each site... but do spend some time planning out the topology before you jump in.
swgitIT ProfessionalAuthor Commented:
Different subnets and sites were defined for each of the physical locations.  However, there is only (1) single IP site link for all the sites with the cost of 100 and replication interval of 180 minutes.  Should I change anything here?  Users are randomly connected to different DC's on different days... Not sure what else to make of this...  Thanks.
As long as you have Active Directory site objects defined for each physical location, and each of these site objects contain the subnets(both client and server subnets) for the network(s) located at that physical location, as well as the domain controller(s) at that physical location... that should assure that any clients that belong to a subnet that is defined in a site object will log into the domain controller(s) defined in that same site object.

The site link objects are more for controlling which domain controllers replicate with each other. You can use them to define hub and spoke replication topologies and such. If you don't care which DCs are replicating with each other, then there is no real need to mess with the site links... you just need to define the sites themselves, and populate them with the subnets and DCs that they own.

Active Directory Sites and Services is the tool you use to create and populate the sites.
swgitIT ProfessionalAuthor Commented:
..seems to be fine one day, and not another... i guess as long as they can logon quickly, then it's fine..  thanks both!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.