Re: Forcing Domain User account to authenticate to only one DC
- From: "Technoid" <joel.apley@xxxxxxxxxxxxx>
- Date: 25 Aug 2006 07:47:11 -0700
Joe,
You're right on the money. I did extensive research on the appplication
software that uses this account. The code was written for NT 4.0
accounts which search for the highest domain controller in the domain
to authenticate. The DC we have in Australia just happens to be our
lead DC. Will require an application upgrade. WAY too many risks
involved in that right now. (we are heavily regulated by the FDA) Quick
fix is to add a static route through another North america location
(not in hurricane alley) to Australia.
Another option we are thinking of is to simply use local user accounts
on the servers.
Thanks for your input.
Joel Apley
Network Engineer
Joe Richards [MVP] wrote:
Oh this could be an application issue then. Try to use the ID to log
into a workstation and look to see where it is auth'ed at.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Technoid wrote:
Joe,
Thanks for the input. This particular account is only called for login
by the application running my production environment.. ALL OTHER USERS
at my site and in the same container are able to log in successfully
using the local DC.
Joel
Joe Richards [MVP] wrote:
Does this occur from every machine the user tries to log into or only
from a single machine, if from a single machine does it occur to every
user trying to log on there?
This isn't how it should work, it should be authenticating locally
though locally is defined in how you set up your network topology in AD.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Technoid wrote:
All,
I have an issue with a domain user account that is critical to our
production system. For some reason, this account tries to authenticate
to the head DC in Australia instead of authenticating to our local DC
here on site. (like a NT 4.0 account would go to the top of the domain
to autheticate)
Is there a way to force this domain account to authenticate through the
local DC and no others.
Thanks in advance for any input on this.
.
- References:
- Forcing Domain User account to authenticate to only one DC
- From: Technoid
- Re: Forcing Domain User account to authenticate to only one DC
- From: Joe Richards [MVP]
- Re: Forcing Domain User account to authenticate to only one DC
- From: Technoid
- Re: Forcing Domain User account to authenticate to only one DC
- From: Joe Richards [MVP]
- Forcing Domain User account to authenticate to only one DC
- Prev by Date: Re: Integration issues...
- Next by Date: Re: Home Folder directing to wrong location
- Previous by thread: Re: Forcing Domain User account to authenticate to only one DC
- Next by thread: Re: Reset password when machine not a memeber of domain
- Index(es):
Relevant Pages
|
