Re: Which Domain Controller is doing the authenticating?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Whichever is not busy at the time. The client basically requests
authentication, the first DC able to do so responds. In a single location
LAN, they are pretty much the same. It is possible that a DC half-way
across the globe connected with an OC48 can respond faster than the one
under your desk.

"=?Utf-8?B?dmlkcm8=?=" <vidro@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:56C4FAB2-5739-4E9C-AE68-ED219C64488D@xxxxxxxxxxxxx:

> So if you have 2 or 3 DC's on the same subnet the distinguishing
> factor for a preferred authentication server would be what?
> If the answer for the previous question is "The closest" what would be
> the discerning value for "closest" ?
> I guess I'm asking if physically a DC is 10 feet from a client is it
> possible that a DC 100yrds away could be doing the authentication for
> that client?
>
>
>
> "Miha Pihler [MVP]" wrote:
>
>> Hi,
>>
>> You can run following command on your server...
>>
>> echo %logonserver%
>>
>> and it will tell you which server authenticated you.
>>
>> If computers are in different subnets - you could implement Sites and
>> force clients to try and connect to nearest DC first (nearest DC
>> would be one in same subnet (Site)).
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "vidro" <vidro@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:07CF12D1-7224-4426-8B89-3FB89B81B009@xxxxxxxxxxxxxxxx
>> > Enviroment = Windows 2003 Active Directory
>> >
>> > Having multiple, DC's how can I find out which DC authenticated
>> > certain clients?
>> > How can I configure clients to be authenticated by specific DC's?
>>
>>
>>

.

Relevant Pages

  • [Full-disclosure] [GOATSE SECURITY] Clench: Goatses way to say "screw you" to certificate author
    ... Application layer authentication-inherent validation of public key ... Goatse Security’s new simple password-based authentication mechanism ... getting hundreds of thousands or millions of users to install a client ... client hashes locally and then sends the hash to the server. ...
    (Full-Disclosure)
  • Re: WCF security advice (and clarification) needed
    ... You, the client, resolve the foo.mycompany.com hostname within your ... TCP/IP) with that ticket as the security token. ... There are two parties participating in a security scenario, the server ... HTTP supports other authentication ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: SSPI Kerberos for delegation
    ... We want the authentication to happen without providing credentials ... But SSPI while authenticating from the client to the server can do mutual ...
    (comp.protocols.kerberos)
  • Re: Aironet 1200/Radius Help Needed
    ... I just fired up a W2003 Advanced Server so that I can take ... >> IAS servers (do I need a separate certificate for the secondary IAS ... >> of authentication since it involves just installing the certificate on ... >between the AP and the client. ...
    (microsoft.public.internet.radius)
  • Re: Windows Authentication, Single sign on and Active Directory
    ... service proxy client fails to connect due to authentication failure and then ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The server is always in the domain. ...
    (microsoft.public.dotnet.framework.aspnet.security)