
Force client to authenticate against specific DC

Anonymous
January 26, 2005 3:23:03 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have a remote site that has a local DC in that site and I would like to force
all the W2K clients in that site to authenticate to that DC when they log in
to the domain in the morning. Can someone tell me if there is a way or not.

Thanks
Anonymous
January 26, 2005 6:07:19 PM


"Ashraf" <Ashraf@discussions.microsoft.com> wrote in message
news:AC3D8FD7-4058-4BCF-AD25-D9AC804F5295@microsoft.com...
> I have a remote site that has local DC in that site and I would like to force
> all the W2K clients in that site to authenticate to that DC

You cannot directly do that, and should not try, but....

> when they login
> to the domain in the morning. Can someone tell me if there is a way or not.

You can and should ENCOURAGE the clients to use the
local DC, which they will if you set up your SITES in
AD Sites and Services.

Clients on a site (an IP among the site's subnets) will
strongly prefer a local DC but attempt to find another
when that one is down, even if they must go offsite.

Do you have your OWN sites defined?

Go into AD Sites and Services.

1) Create the new SITE.

2) Optionally Rename the default first site to
indicate the real name of your main location.

3) Create a SUBNET (or subnets) for each location
and assign each to the proper site

4) Create a SITE LINK from each site to at least one
other site so that all sites are interconnected either
directly or indirectly but so there are no islands
that cannot reach the rest of the sites.
   Optionally adjust:
     a) Schedule (hours when replication is permitted)
     b) Frequency (how often DC can replicate across site links)
     c) Cost (only relevant if you have more than one site link
        and really only if you have multiple pathways for
        replication.)

(Let it all replicate).

5) Move the remote DC to its proper site
(you might run DCDiag on the moved DC to see if it has
updated DNS correctly -- or even stop/start the NetLogon
service on that DC to remind it to re-register with DNS --
if everything goes right, it will list itself in the proper
_SiteName subdomains in your DNS.)

After this whole thing replicates, you will find that local
clients will prefer the "own" local DC in the same site.

--
Herb Martin


>
> Thanks
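
An added example, not part of the post above: a small Python model of the site-aware DC lookup it describes, for auditing an exported subnet list and DNS zone for clients that would end up at an off-site DC. The domain name, subnets and records are constructed; most-specific-subnet matching and the fallback to the domain-wide record are assumptions of this model.

```python
import ipaddress

# Constructed sample data (not from the thread). Subnet objects and the site
# each is assigned to, as configured in AD Sites and Services.
SUBNETS = {"10.0.0.0/8": "HQ", "10.2.0.0/24": "Branch"}
DOMAIN = "corp.example"  # hypothetical domain name
# Constructed DNS zone extract: SRV owner name -> DC hosts registered there.
# dc2 was moved to Branch but has not re-registered, so Branch has no record.
SRV = {
    "_ldap._tcp.dc._msdcs.corp.example": ["dc1.corp.example", "dc2.corp.example"],
    "_ldap._tcp.hq._sites.dc._msdcs.corp.example": ["dc1.corp.example"],
}

def site_for(ip, subnets=SUBNETS):
    """Site of the most specific subnet object containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def srv_name(site, domain=DOMAIN):
    """Site-specific SRV owner name, or the domain-wide one when site is None."""
    scope = f"{site}._sites." if site else ""
    return f"_ldap._tcp.{scope}dc._msdcs.{domain}".lower()  # DNS names ignore case

def locate(ip, subnets=SUBNETS, srv=SRV, domain=DOMAIN):
    """Return (site, candidate DCs, finding) for one client address."""
    site = site_for(ip, subnets)
    anywhere = srv.get(srv_name(None, domain), [])
    if site is None:
        # Step 3 was missed for this range: the client has no site at all.
        return None, anywhere, "no subnet object covers this client"
    local = srv.get(srv_name(site, domain), [])
    if not local:
        # Step 5 is incomplete: the DC has not registered under its site.
        return site, anywhere, "site has no DC registered in DNS"
    return site, local, "ok"

if __name__ == "__main__":
    for client in ("10.1.3.4", "10.2.0.15", "192.168.5.5"):
        print(client, *locate(client))
```

Any finding other than "ok" marks a client range whose logons can land on a DC across the WAN link.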
Anonymous
January 27, 2005 11:25:27 AM


The other important thing to remember when localising traffic is to ensure
that there's a local (to the site) DNS server that the local clients point
to (not an absolute need, but 99.9% recommended).

This DC should obviously be a GC too.

There is a way to kind of force preference to one DC over another, but I
won't go into that. Correctly configuring AD Sites (and DNS) will do this
for you ;-)

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/
Anonymous
January 27, 2005 3:51:02 PM


I actually thought of moving the domain controller from one site to another,
but I'm a little bit hesitant in doing that. I have two subnets under my sites
and services and both of them are assigned to one Site. I'm planning to
create a new Site and assign it to my remote site subnet and then do a move
for the domain controller that is in the remote site and has an IP address of
the remote site's subnet. Would you think that this will work?
Anonymous
January 28, 2005 2:31:49 AM


It's fine to move DCs between sites. So, by that logic, it's fine to build
DCs at one site and move them to wherever they're meant to go. There's a
couple of considerations and things you have to do though. I've briefly
discussed this here:
-- http://www.msresource.net/content/view/22/47/


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/
Anonymous
January 28, 2005 10:05:02 AM


Thank you very much for all the help
Anonymous
January 30, 2005 7:32:55 PM


You're very welcome : )

--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/