Sign in with
Sign up | Sign in
Your question

workstations crossing network to authenticate

  • Workstations
  • Domain Controller
  • Active Directory
  • Windows
Last response: in Windows 2000/NT
April 1, 2005 5:21:07 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Most of our workstations are going across our network to authenticate in
windows 2000 Server environment using active directory groups and desktop
authority script logic. These users will have a domain controller in their
building, but will go to a different domain controller to authenticate, which
is making this process very slow.

I know in a Windows 2000 environment, there is a load balancing between
domain controllers causing this cross network authentication. My question
is, how can I make a certain workstation always authenticate on one domain
controller instead of it finding which ever one is free?

More about : workstations crossing network authenticate

April 2, 2005 1:55:54 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Firstly, you must ensure that your subnets are correct and that you've
properly defined the sites (in AD Sites and Services -dssite.msc).

Once this is done, assuming that each site has at least one GC and DNS
server, then traffic shouldn't go across the WAN. What you're seeing is
likely not a load balancing feature (round-robin and netmask ordering ensure
you get local IP addresses for DCs first) but a misconfiguration.

Check all the sites and subnets. For about three months one of our
customers had an issue like this, and it was down to a typo for one of the

However, in answer to your question, you can also tweak the SRV record
weightings so that a particular DC will always respond. You can also
statically stipulate that a client is a member of a specific site. However,
check all the above first (and possibly provide us with a bit more info. on
your environment) and we'll come back to this later.


Paul Williams
April 5, 2005 5:53:06 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks Paul,

I reviewed this and we will apply these changes. This should fix the
problem, if not I will be back when we are finished making the changes.