Re: Authenticaton Windows 2003 AD

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi,

One command that you can use is:
echo %logonserver%

it should tell you which DC authenticated the client...

The other question...
- did you set up Active Directory Sites?

Let say you have two subnets with IP addresses e.g. 10.10.10.0/24 and
10.10.20.0/24. These would be two Active Directory sites (10.10.10.0 is one
and 10.10.20.0 is the other one).

When you set up Active Directory sites and client with e.g. IP address
10.10.20.20 looks into DNS what domain controllers are available to it, it
gets back a list of DCs. Let say there are two DCs. One with IP address
10.10.10.5 and the other one with IP address 10.10.20.5. Since 10.10.20.5 is
in the same subnet as the client and which would usually mean it is on same
network (fast connection) it will use this one and only fall back to
10.10.10.5 if 10.10.20.5 fails. You can configure which IP addresses (and
what subnet masks) belong to which Active Directory site.

Here is some more information on this:
Step-by-Step Guide to Active Directory Sites and Services
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/activedirectory/stepbystep/adsrv.mspx


Another thing I would recommend you is to make sure that your branch office
computers use DNS server in that branch - if possible (you can make your DC
also DNS server).

I hope this helps you out,

--
Mike
Microsoft MVP - Windows Security

"butter" <butter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EA2A9224-9CA9-4CC8-9F61-F6C9ABF45C15@xxxxxxxxxxxxxxxx
I have 2 domain controllers in my local office and 1 domain controller at a
remote location. How does Windows determine which DC to authenticate
against
when a user logs in. It seems at this point that all my local users are
might be authenticating at my remote site. Is there anyway to tell where
someone is authenticating at?


.

Quantcast