Re: AD Sites and Services Question

Does it work? It's good.


"Keith" <Keith@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:F8C67FF0-1999-45D0-AF3D-9C9934345556@xxxxxxxxxxxxxxxx
Update -

I went ahead and tried just pointing the subnet in question to the TO site
that has the local DC desired and did the gpupdate on one of the machines and
it's now pointing to the correct DC. I don't know if this is best practices,
but it did work. I'd still like to hear back on the changes I did make if
that was good/bad/ugly...

"Keith" wrote:

Paul:
Tested the set logonserver and it is showing the DC on the remote site.

Downloaded your script (which is awesome by the way) and poking through this
aside from some FRSEVENT errors (Different site in question and I believe is
due to some T1 issues we were having yesterday) AD looks good.

Ace:
Checked the SRV records in DNS and everything looks good in there as well.
I had one old NS record that I deleted for a server that no longer existed.
LDAP is working on the 3 DC's as well.

Here's a quick run down of how sites and services looks.

CC (Remote Site)
-ServerB

SC (Remote Site)
-ServerC

PD (Local)
-NoServer

TO (Local)
-ServerA

VT (Remote)
-NoServer

Subnets
1.31.0.0 - PD
192.168.1.0 - TO
192.168.2.0 - SC
192.168.3.0 - CC
192.168.4.0 - VT

With all that the sites in question are PD is the one in question. It Looks
at the CC site with ServerB as the authenticating server. I need it to
authenticate with TO site ServerA.

Here's an idea, would it make sense to delete the PD site since technically
it has nothing in it and redirect the PD subnet to TO? Am I insane? The PD
site was created in case we ever did stick an AD server into that network.

"Paul Bergson [MVP-DS]" wrote:

> When you have a slow logon that is suspect, bring up a command prompt > and
> type in
> set logonserver
>
> Look at the name and see if the DC shown is within the site you > expected it
> to logon too.
>
>
> Run diagnostics against your Active Directory domain.
>
> If you don't have the tools installed, install them from your server > install
> disk.
> d:\support\tools\setup.exe
>
> Run dcdiag, netdiag and repadmin in verbose mode.
> -> dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
> -> netdiag.exe /v > c:\netdiag.log (On each dc)
> -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
>
> If you download a gui script I wrote it should be simple to set and run
> (DCDiag and NetDiag). It also has the option to run individual tests
> without having to learn all the switch options. The details will be > output
> in notepad text files that pop up automagically.
>
> The script is located in the download section on my website at
> http://www.pbbergs.com
>
> Just select both dcdiag and netdiag make sure verbose is set. (Leave > the
> default settings for dcdiag as set when selected)
>
> When complete search for fail, error and warning messages.
>
>
> -- > Paul Bergson
> MVP - Directory Services
> MCT, MCSE, MCSA, Security+, BS CSci
> 2003, 2000 (Early Achiever), NT
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no > rights.
>
> "Keith" <Keith@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:6E7D0DA4-8E92-4276-9924-44026993D94C@xxxxxxxxxxxxxxxx
> > Hello Everyone,
> >
> > I'm hoping you might be able to help me with an issue I'm having. Is
> > there
> > a way in Sites and Services to specify which DC a site will look for
> > first?
> > I'm having an issue where one of my two networks in the same domain
> > authenticates with a DC at a remote site rather than locally.
> >
> > Thanks!
> > Keith
> >
> > Background:
> > I have 2 networks on 1 domain. Network A exists at my main office > > and 2
> > remote sites. Network B only resides at the main office. Network B
> > authenticates with Network A DC's, but continues to go across out T1 > > to
> > the
> > remote site for this and I believe it's causing our slow logon issue.
> > I've
> > been told this needs to be changed in Sites and Services, but beyond > > that
> > given no additional information as how to change it.
>
>
>

.

Relevant Pages

  • Re: AD Sites and Services Question
    ... Tested the set logonserver and it is showing the DC on the remote site. ... I had one old NS record that I deleted for a server that no longer existed. ... site was created in case we ever did stick an AD server into that network. ... Run dcdiag, netdiag and repadmin in verbose mode. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Connecting a remote office
    ... "Mathieu CHATEAU" wrote: ... Is it a simple low cost ADSL or strong network ... How would I setup the server on this remote site. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows 2000 Server Replication Problem
    ... Just because you can ping a remote site doesn't mean that you can ... If you don't have the support tools installed, install them from your server ... Run dcdiag, netdiag and repadmin in verbose mode. ... I am having windows server 2000 Replication problem as follows ...
    (microsoft.public.win2000.active_directory)
  • Re: AD Sites and Services Question
    ... Tested the set logonserver and it is showing the DC on the remote site. ... I had one old NS record that I deleted for a server that no longer ... Network A exists at my main office ... authenticates with Network A DC's, but continues to go across out T1 ...
    (microsoft.public.windows.server.active_directory)
  • Re: VPN to Windows 2003 server
    ... Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on ... > VPN tunnel from the remote site to the SOHO box using ... > ping the server sucessfully. ... > I bring up network neighborhood and when I click on the ...
    (microsoft.public.windows.server.networking)
Loading