Re: AD Sites and Services Question

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Update -

I went ahead and tried just pointing the subnet in question to the TO site
that has the local DC desired and did the gpupdate on one of the machines and
it's now pointing to the correct DC. I don't know if this is best practices,
but it did work. I'd still like to hear back on the changes I did make if
that was good/bad/ugly...

"Keith" wrote:

Paul:
Tested the set logonserver and it is showing the DC on the remote site.

Downloaded your script (which is awesome by the way) and poking through this
aside from some FRSEVENT errors (Different site in question and I believe is
due to some T1 issues we were having yesterday) AD looks good.

Ace:
Checked the SRV records in DNS and everything looks good in there as well.
I had one old NS record that I deleted for a server that no longer existed.
LDAP is working on the 3 DC's as well.

Here's a quick run down of how sites and services looks.

CC (Remote Site)
-ServerB

SC (Remote Site)
-ServerC

PD (Local)
-NoServer

TO (Local)
-ServerA

VT (Remote)
-NoServer

Subnets
1.31.0.0 - PD
192.168.1.0 - TO
192.168.2.0 - SC
192.168.3.0 - CC
192.168.4.0 - VT

With all that the sites in question are PD is the one in question. It Looks
at the CC site with ServerB as the authenticating server. I need it to
authenticate with TO site ServerA.

Here's an idea, would it make sense to delete the PD site since technically
it has nothing in it and redirect the PD subnet to TO? Am I insane? The PD
site was created in case we ever did stick an AD server into that network.

"Paul Bergson [MVP-DS]" wrote:

When you have a slow logon that is suspect, bring up a command prompt and
type in
set logonserver

Look at the name and see if the DC shown is within the site you expected it
to logon too.


Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be output
in notepad text files that pop up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Keith" <Keith@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6E7D0DA4-8E92-4276-9924-44026993D94C@xxxxxxxxxxxxxxxx
Hello Everyone,

I'm hoping you might be able to help me with an issue I'm having. Is
there
a way in Sites and Services to specify which DC a site will look for
first?
I'm having an issue where one of my two networks in the same domain
authenticates with a DC at a remote site rather than locally.

Thanks!
Keith

Background:
I have 2 networks on 1 domain. Network A exists at my main office and 2
remote sites. Network B only resides at the main office. Network B
authenticates with Network A DC's, but continues to go across out T1 to
the
remote site for this and I believe it's causing our slow logon issue.
I've
been told this needs to be changed in Sites and Services, but beyond that
given no additional information as how to change it.



.

Relevant Pages

  • Re: Connecting a remote office
    ... "Mathieu CHATEAU" wrote: ... Is it a simple low cost ADSL or strong network ... How would I setup the server on this remote site. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows 2000 Server Replication Problem
    ... Just because you can ping a remote site doesn't mean that you can ... If you don't have the support tools installed, install them from your server ... Run dcdiag, netdiag and repadmin in verbose mode. ... I am having windows server 2000 Replication problem as follows ...
    (microsoft.public.win2000.active_directory)
  • Re: AD Sites and Services Question
    ... Tested the set logonserver and it is showing the DC on the remote site. ... I had one old NS record that I deleted for a server that no longer existed. ... > Run dcdiag, netdiag and repadmin in verbose mode. ... Network B only resides at the main office. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Sites and Services Question
    ... Tested the set logonserver and it is showing the DC on the remote site. ... I had one old NS record that I deleted for a server that no longer ... Network A exists at my main office ... authenticates with Network A DC's, but continues to go across out T1 ...
    (microsoft.public.windows.server.active_directory)
  • Re: VPN to Windows 2003 server
    ... Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on ... > VPN tunnel from the remote site to the SOHO box using ... > ping the server sucessfully. ... > I bring up network neighborhood and when I click on the ...
    (microsoft.public.windows.server.networking)