Re: Active Directory problem
- From: "Anindya Sen" <AnindyaSen@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 27 Dec 2005 04:31:02 -0800
Thanks a lot. The first suggestion we have already tested and it is absolutely
fine. I.e. the sites and the subnets.
I will be trying to do the second suggestion and I will let you know. Thanks
for your support.
"Jorge de Almeida Pinto" wrote:
> FIRST...
>
> In AD you should:
> * Define sites for those well connected locations that have site aware
> services (e.g. DCs, Exchange, DFS..)
> * Define site links and configure their schedule, interval and cost and make
> the appropriate sites a member of the site link
> * Define subnets and link a subnet to the appropriate site (You need to
> define ALL subnets that have Windows clients/servers/DCs.)
>
> For locations that are not represented by a site in AD (because they do not
> have site aware services), link the subnets to the nearest location that is
> represented by a site in AD.
>
> You might also want to configure the DCs in the branch offices not to
> register domain wide DC locator records (see also: MS-KBQ306602_How to
> Optimize the Location of a DC or GC That Resides Outside of a Client's Site)
> Also take a look at the following articles:
> http://www.windowsitpro.com/Windows/Article/ArticleID/37935/37935.html
> http://www.windowsitpro.com/Article/ArticleID/40718/40718.html
>
> Also see:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/adsrv.mspx
> http://www.microsoft.com/technet/itsolutions/wssra/raguide/default.mspx (The
> Directory Service blueprint -> Enterprise Design for Active Directory ->
> "Designing the Site Topology" section.)
>
>
> SECOND...
>
> When joining computers (clients or servers) to the domain the process that
> occurs is described at:
> http://blogs.dirteam.com/blogs/jorge/archive/2005/12/07/241.aspx. The issue
> you are experiencing is similar to the "first case described"
>
> When joining a computer to a domain, that same computer does not yet know to
> what site it belongs. Because of that it asks for ALL DCs in the domain (or
> more accurately: all DCs that have registered the domain wide service records,
> and by default those are all DCs in the domain). In this case you might get
> ANY DC where the account is created. Most of the time only HUB DCs register
> domain wide service records or, again more accurately, non-HUB DCs are prevented
> from registering domain service records and will register only site wide
> service records.
>
> With the GUI it is not possible to target a specific DC. However, this IS
> possible if you use NETDOM. See below for the command line options...
>
> NETDOM ADD machine /Domain:domain [/UserD:user] [/PasswordD:[password | *]]
>            [/Server:server] [/OU:ou path] [/DC]
>
> NETDOM ADD Adds a workstation or server account to the domain.
>
> machine     is the name of the computer to be added
>
> /Domain     Specifies the domain in which to create the machine account
>
> /UserD      User account used to make the connection with the domain
>             specified by the /Domain argument
>
> /PasswordD  Password of the user account specified with /UserD. A * means
>             to prompt for the password
>
> /Server     Name of a specific domain controller that should be used to
>             perform the Add. This option cannot be used with the /OU
>             option.
>
> /OU         Organizational unit under which to create the machine account.
>             This must be a fully qualified RFC 1779 DN for the OU. When
>             using this argument, you must be running directly on a domain
>             controller for the specified domain.
>             If this argument is not included, the account will be created
>             under the default organization unit for machine objects for
>             that domain.
>
> /DC         Specifies that a domain controller's machine account is to be
>             created. This option cannot be used with the /OU option.
>
> --
> Cheers,
> # Jorge de Almeida Pinto #
> BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
> -----------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no rights!
> * Always test before implementing!
> -----------------------------------------------------------------------------
>
>
> -----------------------------------------------------------------------------
> "Anindya Sen" <Anindya Sen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:8B50CF7D-ADD8-440A-9659-9E27300C20C4@xxxxxxxxxxxxxxxx
> > Hi,
> >
> > We have a 24 location Windows 2003 Active Directory project. Here there
> > are also some 900 sites which are WAN locations (64 KBps), which will
> > connect to these domain controllers.
> >
> > The problem is that when machines in these WAN locations are joining the
> > domain, they are not joining the correct domain controller (DNS is
> > pointing to the correct domain controller). This is causing a lot of
> > problems.
> >
> > E.g. a machine in site x having IP 10.10.4.5 and DNS entry is 10.10.0.5.
> > 10.10.0.5 is the correct domain controller for the machine (according
> > to network architecture).
> >
> > But when it is joining the domain it is going to some other domain
> > controller, say 10.80.0.5.
> >
> > nslookup a.co.in (where a.co.in is the domain) returns all the IPs of
> > the a.co.in DCs and it keeps on changing (even the first value).
> >
> > Please help
> > Anindya
> >
>
>
>
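
The subnet-to-site advice in the reply above can be checked offline before touching AD. The following is an added example, not part of the original posts: it maps client IPs to sites by longest-prefix match and shows which DC locator SRV name applies, so clients on undefined subnets (which stay on the domain-wide records and may land on any DC) stand out. The site names, subnets and client list are constructed assumptions; only `a.co.in`, `10.10.4.5` and `10.10.0.5` come from the thread.

```python
import ipaddress

# Constructed sample data (assumptions): subnet -> AD site name.
# The branch subnet 10.10.4.0/24 has no DC of its own, so it is linked
# to the nearest site that has one (the site of DC 10.10.0.5).
SITE_SUBNETS = {
    "10.10.0.0/24": "SiteX",
    "10.10.4.0/24": "SiteX",
    "10.80.0.0/16": "SiteY",
    "10.80.7.0/24": "SiteZ",   # more specific than the /16 above
}

# Constructed client addresses; 10.10.4.5 is the example from the thread.
CLIENTS = ["10.10.4.5", "10.80.1.9", "10.80.7.20", "10.30.2.7"]


def site_for(ip, subnets=SITE_SUBNETS):
    """Return the site whose subnet is the longest match for ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def locator_srv_name(ip, domain):
    """SRV name that applies to the client: site-specific when its subnet
    is mapped to a site, otherwise the domain-wide record set."""
    site = site_for(ip)
    if site is None:
        return f"_ldap._tcp.dc._msdcs.{domain}"
    return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"


def unmapped(clients):
    """Clients whose subnet is not defined in any site."""
    return [ip for ip in clients if site_for(ip) is None]


if __name__ == "__main__":
    for ip in CLIENTS:
        print(f"{ip:12} site={site_for(ip)!s:6} {locator_srv_name(ip, 'a.co.in')}")
    print("Subnets still to define for:", unmapped(CLIENTS))
```
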