Re: Force client to authenticate against specific DC

From: Ashraf (Ashraf_at_discussions.microsoft.com)
Date: 01/27/05


Date: Thu, 27 Jan 2005 12:51:02 -0800

I actually thought of moving the domain controller from one site to another,
but I'm a little bit hesitant in doing that. I have two subnets under my sites
and services and both of them are assigned to one Site. I'm planning to
create a new Site and assign it to my remote site subnet and then do a move
for the domain controller that is in the remote site and has an IP address of
the remote site's subnet. Would you think that this will work?

"ptwilliams" wrote:

> The other important thing to remember when localising traffic is to ensure
> that there's a local (to the site) DNS server that the local clients point
> to (not an absolute need, but 99.9% recommended).
>
> This DC should obviously be a GC too.
>
> There is a way to kind of force preference to one DC over another, but I
> won't go into that. Correctly configuring AD Sites (and DNS) will do this
> for you ;-)
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:OLVGjs%23AFHA.3840@tk2msftngp13.phx.gbl...
> "Ashraf" <Ashraf@discussions.microsoft.com> wrote in message
> news:AC3D8FD7-4058-4BCF-AD25-D9AC804F5295@microsoft.com...
> > I have a remote site that has local DC in that site and I would like to
> > force all the W2K clients in that site to authenticate to that DC
>
> You cannot directly do that, and should not try, but....
>
> > when they login
> > to the domain in the morning. Can someone tell me if there is a way or
> > not.
>
> You can and should ENCOURAGE the clients to use the
> local DC which they will if you setup your SITES in
> AD Sites and Services.
>
> Clients on a site (an IP among the site's subnets) will
> strongly prefer a local DC but attempt to find another
> when that one is down, even if they must go offsite.
>
> Do you have your OWN sites defined?
>
> Go into AD Sites and Services.
>
> 1) Create the new SITE.
>
> 2) Optionally Rename the default first site to
> indicate the real name of your main location.
>
> 3) Create a SUBNET (or subnets) for each location
> and assign each to the proper site
>
> 4) Create a SITE LINK from each site to at least one
> other site so that all sites are interconnected either
> directly or indirectly but so there are no islands
> that cannot reach the rest of the sites.
> Optionally adjust:
> a) Schedule (hours when replication is permitted)
> b) Frequency (how often DC can replicate across site links)
> c) Cost (only relevant if you have more than one site link
> and really only if you have multiple pathways for
> replication.)
>
> (Let it all replicate).
>
> 5) Move the remote DC to its proper site
> (you might run DCDiag on the moved DC to see if it has
> updated DNS correctly -- or even stop/start the NetLogon
> service on that DC to remind it to re-register with DNS --
> if everything goes right, it will list itself in the proper
> _SiteName subdomains in your DNS.)
>
> After this whole thing replicates, you will find that local
> clients will prefer their "own" local DC in the same site.
>
> --
> Herb Martin
>
>
> >
> > Thanks
>
>
>
>
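
The site, subnet, site link and DC-move steps from Herb Martin's reply, followed by the DNS and client-side checks, scripted as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module and PowerShell remoting from later Windows Server releases than the Windows 2000 systems discussed above; the domain, site, subnet, link and DC names are constructed placeholders.

```powershell
# Constructed placeholder values; substitute your own names and subnet.
$Domain     = 'corp.example.com'
$MainSite   = 'Default-First-Site-Name'
$RemoteSite = 'Remote-Site'
$RemoteNet  = '10.2.0.0/24'
$RemoteDC   = 'DC2'

Import-Module ActiveDirectory

# Step 1: create the new site.
New-ADReplicationSite -Name $RemoteSite

# Step 3: point the remote subnet at the new site. In the poster's case the
# subnet object already exists under the single site, so it is reassigned;
# use New-ADReplicationSubnet instead if the subnet is not defined yet.
Set-ADReplicationSubnet -Identity $RemoteNet -Site $RemoteSite

# Step 4: link the new site to the main site so it is not an island.
# Cost and frequency here are sample values.
New-ADReplicationSiteLink -Name 'Main-Remote' `
    -SitesIncluded $MainSite, $RemoteSite `
    -InterSiteTransportProtocol IP -Cost 100 -ReplicationFrequencyInMinutes 180

# Step 5: move the DC's server object into the new site, then restart
# NetLogon on it so it re-registers its SRV records, and run DCDiag.
Move-ADDirectoryServer -Identity $RemoteDC -Site $RemoteSite
Invoke-Command -ComputerName $RemoteDC -ScriptBlock { Restart-Service Netlogon }
dcdiag "/s:$RemoteDC"

# Check 1: the moved DC should be listed under the site-specific SRV name.
$srv = '_ldap._tcp.{0}._sites.dc._msdcs.{1}' -f $RemoteSite, $Domain
Resolve-DnsName -Name $srv -Type SRV |
    Select-Object NameTarget, Port, Priority, Weight

# Check 2 (run on a client in the remote subnet): the site the client maps to
# and the DC the locator returns after discarding its cached choice.
nltest /dsgetsite
nltest "/dsgetdc:$Domain" /force
```

If the client check still reports the old site, the subnet-to-site change has usually not replicated yet to the DC that answered the client.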


