talltree
asked on
Force Workstation to authenticate to Domain Controller
Hi Experts,
Currently on AD using Windows 2012 r2 Domain Controllers. We want to do a DR test to see if users can log in if our main headwaters DC is down by being authenticated using a remote location DC. I want to to test it on one pc and force the pc to use the secondary DC while the Headwaters DC is still up.
I have tried editing the host file using #PRE and #DOM etc, no luck, removed the headquarters DC DNS entry using only the remote DC DNS with no luck.
Thanks
Client machines are Windows 7.
Currently on AD using Windows 2012 r2 Domain Controllers. We want to do a DR test to see if users can log in if our main headwaters DC is down by being authenticated using a remote location DC. I want to to test it on one pc and force the pc to use the secondary DC while the Headwaters DC is still up.
I have tried editing the host file using #PRE and #DOM etc, no luck, removed the headquarters DC DNS entry using only the remote DC DNS with no luck.
Thanks
Client machines are Windows 7.
If you have remote site connectivity, just change the DNS to the secondary DC.
host file entry will not help here
AD auth works on AD sites to subnet assignment
computer will get authenticated with domain controller in site where computer subnet is attached
if local DC is not available, AD try to locate nearest reachable domain controller, otherwise client will get authenticated with local site DC only
U need to play with site links where site link will contains local site and DR site so that if local site DC is not available, client will get authenticated with DR DC
DR DC need to be set as alternate / secondary DC in client tcpip properties
https://blogs.msmvps.com/acefekay/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records/
AD auth works on AD sites to subnet assignment
computer will get authenticated with domain controller in site where computer subnet is attached
if local DC is not available, AD try to locate nearest reachable domain controller, otherwise client will get authenticated with local site DC only
U need to play with site links where site link will contains local site and DR site so that if local site DC is not available, client will get authenticated with DR DC
DR DC need to be set as alternate / secondary DC in client tcpip properties
https://blogs.msmvps.com/acefekay/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records/
ASKER
Hi Guys,
I have changed the DNS to only reflect the Remote DC, still authenticates to the HQ DC.
Yes, Sites links are setup and and should work if HQ DC is not available by authenticated to the Remote DC, i am trying to test it by forcing the PC to authenticate to the remote DC while the HQ DC is still up.
Thanks
I have changed the DNS to only reflect the Remote DC, still authenticates to the HQ DC.
Yes, Sites links are setup and and should work if HQ DC is not available by authenticated to the Remote DC, i am trying to test it by forcing the PC to authenticate to the remote DC while the HQ DC is still up.
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Guys