Re: logon
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 02/04/05
- Next message: Andrew: "Re: moving to new domain"
- Previous message: Cary Shultz [A.D. MVP]: "Re: Delegating Administrative rights to OU's"
- In reply to: ptwilliams: "Re: logon"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: logon"
- Reply: Cary Shultz [A.D. MVP]: "Re: logon"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 4 Feb 2005 05:00:05 -0500
Ditto to what Paul stated!
It is generally recommended that in a small environment ( specifically a
single-domain Forest ) that all Domain Controllers are also Global Catalog
Servers. Check to make sure that you are running DDNS on at least two of
the Domain Controllers and that your DHCP Server give out the correct
information ( options 003, 006 and 015.....and 044 and 046 if running WINS
....at the very least ) along with the IP Address lease. The big on is
Option 006 where the client is given the DNS Server(s) information. Make
sure that it is giving out only your internal DNS Server information. There
is no place in here for your ISP's DNS information. That belongs in the
Forwarders tab in the FLZ in your DNS MMC.
Also, if there are other problems you might want to consider running the
Support Tools on all of your Servers ( Domain Controllers, Member Servers,
etc. ) and run dcdiag /c /v on the Domain Controllers and netdiag /v on all
of your servers. You might also want to run repadmin /v ( or repadmin
/showreps and repadmin /showconn ) on all of the domain controllers. This
will give you a better idea of what is going on with your environment.
netdom query fsmo might also be a good thing to run.......
-- Cary W. Shultz Roanoke, VA 24014 Microsoft Active Directory MVP http://www.activedirectory-win2000.com http://www.grouppolicy-win2000.com "ptwilliams" <ptw2001@hotmail.com> wrote in message news:eLlVHjpCFHA.3888@TK2MSFTNGP09.phx.gbl... > In order to ensure that other DCs can answer authentication requests you > need to ensure that the clients are pointing to more than one internal DNS > server (usually DCs) and that all DCs have correctly registered in DNS. > > In your case, I assume that the DC that does the logon's is also the DNS > server? When that box is down, how can clients lookup other DCs if they > can't get an answer from DNS. > > It is also recommended that you have at least two GCs. In a single domain > environment (or a small forest) I would recommend that all DCs are GCs. > You > make a DC a GC like this: > -- http://www.msresource.net/content/view/25/47/ > > > If you've not done so already, I suggest you make your DNS Active > Directory-Integrated. There's a small section in this article that shows > you how to do this: > -- http://www.msresource.net/content/view/24/47/ > > > Hope this helps, > > > -- > > Paul Williams > > http://www.msresource.net/ > http://forums.msresource.net/ > > "emslan" <emslan@discussions.microsoft.com> wrote in message > news:6982CFEB-5511-48FA-8E2B-8517FE23131B@microsoft.com... > hi to all, > We have a problem in login if the master DC win2k is down. however we have > 4 > DC to serve the authentication. how can we make sure that to load the > balance. I think the authentication is burn in master DC for all host. Pls > need an urgent help, > Thanks in advance. > >
- Next message: Andrew: "Re: moving to new domain"
- Previous message: Cary Shultz [A.D. MVP]: "Re: Delegating Administrative rights to OU's"
- In reply to: ptwilliams: "Re: logon"
- Next in thread: Cary Shultz [A.D. MVP]: "Re: logon"
- Reply: Cary Shultz [A.D. MVP]: "Re: logon"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
