Re: AD Sites and Services Question
- From: Keith <Keith@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 15 Dec 2006 14:56:01 -0800
I just wanted to say thanks for all the help. By getting the authentication
straightened out I was able to shave their logons by about 30 seconds.
"Paul Bergson [MVP-DS]" wrote:
I would remove any of the sites that didn't have any servers in them and realign the IP addresses to sites with servers. If you need to add additional sites later just add them and move the sites and DCs to them.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Keith" <Keith@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F8C67FF0-1999-45D0-AF3D-9C9934345556@xxxxxxxxxxxxxxxx
Update -
I went ahead and tried just pointing the subnet in question to the TO site that has the local DC desired and did the gpupdate on one of the machines and it's now pointing to the correct DC. I don't know if this is best practices, but it did work. I'd still like to hear back on the changes I did make if that was good/bad/ugly...
"Keith" wrote:
Paul:
Tested the set logonserver and it is showing the DC on the remote site.
Downloaded your script (which is awesome by the way) and poking through this, aside from some FRSEVENT errors (different site in question, and I believe it is due to some T1 issues we were having yesterday), AD looks good.
Ace:
Checked the SRV records in DNS and everything looks good in there as well. I had one old NS record that I deleted for a server that no longer existed. LDAP is working on the 3 DCs as well.
Here's a quick rundown of how Sites and Services looks.
CC (Remote Site)
-ServerB
SC (Remote Site)
-ServerC
PD (Local)
-NoServer
TO (Local)
-ServerA
VT (Remote)
-NoServer
Subnets
1.31.0.0 - PD
192.168.1.0 - TO
192.168.2.0 - SC
192.168.3.0 - CC
192.168.4.0 - VT
With all that, PD is the site in question. It looks at the CC site with ServerB as the authenticating server. I need it to authenticate with TO site ServerA.
Here's an idea: would it make sense to delete the PD site, since technically it has nothing in it, and redirect the PD subnet to TO? Am I insane? The PD site was created in case we ever did stick an AD server into that network.
"Paul Bergson [MVP-DS]" wrote:
When you have a slow logon that is suspect, bring up a command prompt and type in
set logonserver
Look at the name and see if the DC shown is within the site you expected it to log on to.
Run diagnostics against your Active Directory domain.
If you don't have the tools installed, install them from your server install disk.
d:\support\tools\setup.exe
Run dcdiag, netdiag and repadmin in verbose mode.
-> dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
If you download a GUI script I wrote it should be simple to set and run (DCDiag and NetDiag). It also has the option to run individual tests without having to learn all the switch options. The details will be output in notepad text files that pop up automagically.
The script is located in the download section on my website at http://www.pbbergs.com
Just select both dcdiag and netdiag and make sure verbose is set. (Leave the default settings for dcdiag as set when selected.)
When complete, search for fail, error and warning messages.
"Keith" <Keith@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6E7D0DA4-8E92-4276-9924-44026993D94C@xxxxxxxxxxxxxxxx
Hello Everyone,
I'm hoping you might be able to help me with an issue I'm having. Is there a way in Sites and Services to specify which DC a site will look for first? I'm having an issue where one of my two networks in the same domain authenticates with a DC at a remote site rather than locally.
Thanks!
Keith
Background:
I have 2 networks on 1 domain. Network A exists at my main office and 2 remote sites. Network B only resides at the main office. Network B authenticates with Network A DCs, but continues to go across our T1 to the remote site for this and I believe it's causing our slow logon issue. I've been told this needs to be changed in Sites and Services, but beyond that given no additional information as to how to change it.
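The subnet-to-site mapping discussed in this thread, modelled offline as an added example (not code from any poster): it resolves a client address to its site by most specific subnet, lists subnets whose site holds no DC, and replays the change of pointing the PD subnet at TO. The prefix lengths (/16, /24) and the client address are assumptions, since the thread gives network addresses only.

```python
import ipaddress

# Constructed from the thread's Sites and Services rundown.
SITE_DCS = {"CC": ["ServerB"], "SC": ["ServerC"], "PD": [],
            "TO": ["ServerA"], "VT": []}

# Prefix lengths are assumptions; the thread lists network addresses only.
SUBNET_TO_SITE = {
    "1.31.0.0/16": "PD",
    "192.168.1.0/24": "TO",
    "192.168.2.0/24": "SC",
    "192.168.3.0/24": "CC",
    "192.168.4.0/24": "VT",
}


def site_for_ip(ip, subnet_to_site):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(cidr), site)
               for cidr, site in subnet_to_site.items()]
    matches = [(net, site) for net, site in matches if addr in net]
    if not matches:
        return None  # address is not covered by any subnet object
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def local_dcs(ip, subnet_to_site, site_dcs):
    """DCs in the client's own site; empty means logon depends on another site."""
    return list(site_dcs.get(site_for_ip(ip, subnet_to_site), []))


def dc_less_mappings(subnet_to_site, site_dcs):
    """Subnets whose site has no DC, sorted for stable output."""
    return sorted((cidr, site) for cidr, site in subnet_to_site.items()
                  if not site_dcs.get(site))


if __name__ == "__main__":
    client = "1.31.5.10"  # hypothetical workstation on the PD network
    print("before:", site_for_ip(client, SUBNET_TO_SITE),
          local_dcs(client, SUBNET_TO_SITE, SITE_DCS))
    print("subnets without a local DC:",
          dc_less_mappings(SUBNET_TO_SITE, SITE_DCS))
    # The change made in the thread: point the PD subnet at the TO site.
    fixed = dict(SUBNET_TO_SITE, **{"1.31.0.0/16": "TO"})
    print("after:", site_for_ip(client, fixed),
          local_dcs(client, fixed, SITE_DCS))
```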