Force authentication to a specific DC where multiple DC's ..

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I apologize if I posted this thread in the wrong forum.

We have five Windows 2003 domain controllers running our main AD site.
Two of those domain controllers have a virtual server running on them.
The guest servers on each are (Windows 2003) radius servers.
Currently, the virtual radius servers authenticate to other DC's in the
main site. Is there any way I can force the virtual radius servers to
authenticate to the host machines (DC's) to reduce network traffic.

I know in AD Sites and Services you can "weight" or prioritize
controllers, but I don't want to make a system wide change. This would
increase traffic to these two particular host DC's.

If anyone has any suggestions I would greatly appreciate it.
Thanks.


--
9number9
------------------------------------------------------------------------
9number9's Profile: http://www.msusenet.com/member.php?userid=886
View this thread: http://www.msusenet.com/t-1870401557
3 answers Last reply
More about force authentication specific multiple
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    In WIN2000 without changing either the Weight or the Priority for a specific
    Domain Controller ( or Controllers ) then there is - out of the box - pretty
    much nothing that you can do to *ensure* that specific Domain Controllers
    are used to authenticate requests. Just to repeat what you probably already
    know:

    Clients will try to authenticate first to a Domain Controller in its Site
    (based on IP Address ). Clients will authenticate to the DC with the lowest
    Priority ( so a [0] is going to win vs. a [2] ). In the event that
    multiple Domain Controllers should have the same Priority then the Weight
    value comes into play ( so a [80] will authenticate about 4x as many
    requests as a [20]...... ).

    By default all Domain Controllers have a Weight of [0] and a Priority of
    [100]. So, out of the box there is supposed to be an equal distribution of
    authentication requests ( well, pretty equal ).

    And this is actually a DNS thing.....not sure about how the Sites and
    Services play a role in that (Priority and Weight values ). But remember, I
    am speaking about WIN2000. In WIN2003 it may have changed....not sure how,
    but......

    --
    Cary W. Shultz
    Roanoke, VA 24012
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com


    "9number9" <9number9.1ogmwc@no-mx.msusenet.com> wrote in message
    news:9number9.1ogmwc@no-mx.msusenet.com...
    >
    > I apologize if I posted this thread in the wrong forum.
    >
    > We have five Windows 2003 domain controllers running our main AD site.
    > Two of those domain controllers have a virtual server running on them.
    > The guest servers on each are (Windows 2003) radius servers.
    > Currently, the virtual radius servers authenticate to other DC's in the
    > main site. Is there any way I can force the virtual radius servers to
    > authenticate to the host machines (DC's) to reduce network traffic.
    >
    > I know in AD Sites and Services you can "weight" or prioritize
    > controllers, but I don't want to make a system wide change. This would
    > increase traffic to these two particular host DC's.
    >
    > If anyone has any suggestions I would greatly appreciate it.
    > Thanks.
    >
    >
    > --
    > 9number9
    > ------------------------------------------------------------------------
    > 9number9's Profile: http://www.msusenet.com/member.php?userid=886
    > View this thread: http://www.msusenet.com/t-1870401557
    >
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Thanks for the info, Cary. I know there was a registry hack for this in
    NT4.0, I guess I was hoping that there was a similar solution in 2000 or
    2003. I will keep searching ....


    --
    9number9
    ------------------------------------------------------------------------
    9number9's Profile: http://www.msusenet.com/member.php?userid=886
    View this thread: http://www.msusenet.com/t-1870401557
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Can you put your radius servers on a different ip subnet and assign
    that subnet to a different AD site? With VMWare you could do all of
    that inside the virtual environment, I'm presuming the same might be
    true for Virtual Server.
Ask a new question

Read More

Windows Server 2003 Servers Authentication Active Directory Windows