authenticating domain controller

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have three domain controllers, two are Global Catalog server, how can I
tell which one is the authenticating domain controller? How can I change
the authenticating domain controller to another server that has Active
Directory on it?
4 answers Last reply
More about authenticating domain controller
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    In addition to what Simon wrote ( about the 'set l' command on the clients )
    you would need to look into your Forward Lookup Zone on DNS Server. Each
    Domain Controller record has a couple of values....specifically the Priority
    and Weight values.

    By default, the Priority value will be [0] for all DNS Servers and the
    Weight value will be [100] for all DNS Servers. If you were to want DC01 to
    authenticate 4x as many authentication requests as DC02 then you would need
    to keep the Priority value at [0] for both of them but change the weight.
    DC01 would need to have a value of [80] while DC02 would need to have a
    value of [20].

    The pecking order is that all clients will authenticate against the DC with
    the lowest Priority value. In the case that there are several DCs with the
    same value, then the Weight value comes into play.

    By default, if you have two Domain Controllers running DNS then there would
    be approx. a 50/50 balance. Were you to have three Domain Controllers
    running DNS then there would be approx. a 33/33/33 balance.

    HTH,

    --
    Cary W. Shultz
    Roanoke, VA 24012
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com


    "johnstep" <ai7802@wayne.edu> wrote in message
    news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
    >I have three domain controllers, two are Global Catalog server, how can I
    >tell which one is the authenticating domain controller? How can I change
    >the authenticating domain controller to another server that has Active
    >Directory on it?
    >
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Should have added that you need to ensure that you have set up Active
    Directory Sites correctly and that you have created the Subnets correctly
    and that you have associated each Subnet with the correct Site.....

    --
    Cary W. Shultz
    Roanoke, VA 24012
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com


    "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
    news:%233pLlkDUFHA.2420@TK2MSFTNGP12.phx.gbl...
    > In addition to what Simon wrote ( about the 'set l' command on the
    > clients ) you would need to look into your Forward Lookup Zone on DNS
    > Server. Each Domain Controller record has a couple of
    > values....specifically the Priority and Weight values.
    >
    > By default, the Priority value will be [0] for all DNS Servers and the
    > Weight value will be [100] for all DNS Servers. If you were to want DC01
    > to authenticate 4x as many authentication requests as DC02 then you would
    > need to keep the Priority value at [0] for both of them but change the
    > weight. DC01 would need to have a value of [80] while DC02 would need to
    > have a value of [20].
    >
    > The pecking order is that all clients will authenticate against the DC
    > with the lowest Priority value. In the case that there are several DCs
    > with the same value, then the Weight value comes into play.
    >
    > By default, if you have two Domain Controllers running DNS then there
    > would be approx. a 50/50 balance. Were you to have three Domain
    > Controllers running DNS then there would be approx. a 33/33/33 balance.
    >
    > HTH,
    >
    > --
    > Cary W. Shultz
    > Roanoke, VA 24012
    > Microsoft Active Directory MVP
    >
    > http://www.activedirectory-win2000.com
    > http://www.grouppolicy-win2000.com
    >
    >
    >
    > "johnstep" <ai7802@wayne.edu> wrote in message
    > news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
    >>I have three domain controllers, two are Global Catalog server, how can I
    >>tell which one is the authenticating domain controller? How can I change
    >>the authenticating domain controller to another server that has Active
    >>Directory on it?
    >>
    >
    >
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    You can tell which DC a particular client has authenticated against by
    running "set L" at the command line.

    The DC used for authentication is determined by the configuration of your AD
    Sites & Subnets and in DNS, there is no easy option to force clients to use
    a particular DC although it can be done with some tweaking of the above.
    This has more information http://support.microsoft.com/?id=247811

    "johnstep" <ai7802@wayne.edu> wrote in message
    news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
    >I have three domain controllers, two are Global Catalog server, how can I
    >tell which one is the authenticating domain controller? How can I change
    >the authenticating domain controller to another server that has Active
    >Directory on it?
    >
  4. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Very interesting process / ANother question on the same lines

    how will the clients or DC's mainitain the balance / meaning if a client's
    query has resulted in 2 DC's with both same weight and priority, what is the
    mechanism that determines which dc will be used for authentication ?

    Also if the DC's are not GC's is there any relevance or any preference that
    a client will choose ?

    Thanks in advance
    --
    Patilp


    "Cary Shultz [A.D. MVP]" wrote:

    > Should have added that you need to ensure that you have set up Active
    > Directory Sites correctly and that you have created the Subnets correctly
    > and that you have associated each Subnet with the correct Site.....
    >
    > --
    > Cary W. Shultz
    > Roanoke, VA 24012
    > Microsoft Active Directory MVP
    >
    > http://www.activedirectory-win2000.com
    > http://www.grouppolicy-win2000.com
    >
    >
    >
    > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
    > news:%233pLlkDUFHA.2420@TK2MSFTNGP12.phx.gbl...
    > > In addition to what Simon wrote ( about the 'set l' command on the
    > > clients ) you would need to look into your Forward Lookup Zone on DNS
    > > Server. Each Domain Controller record has a couple of
    > > values....specifically the Priority and Weight values.
    > >
    > > By default, the Priority value will be [0] for all DNS Servers and the
    > > Weight value will be [100] for all DNS Servers. If you were to want DC01
    > > to authenticate 4x as many authentication requests as DC02 then you would
    > > need to keep the Priority value at [0] for both of them but change the
    > > weight. DC01 would need to have a value of [80] while DC02 would need to
    > > have a value of [20].
    > >
    > > The pecking order is that all clients will authenticate against the DC
    > > with the lowest Priority value. In the case that there are several DCs
    > > with the same value, then the Weight value comes into play.
    > >
    > > By default, if you have two Domain Controllers running DNS then there
    > > would be approx. a 50/50 balance. Were you to have three Domain
    > > Controllers running DNS then there would be approx. a 33/33/33 balance.
    > >
    > > HTH,
    > >
    > > --
    > > Cary W. Shultz
    > > Roanoke, VA 24012
    > > Microsoft Active Directory MVP
    > >
    > > http://www.activedirectory-win2000.com
    > > http://www.grouppolicy-win2000.com
    > >
    > >
    > >
    > > "johnstep" <ai7802@wayne.edu> wrote in message
    > > news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
    > >>I have three domain controllers, two are Global Catalog server, how can I
    > >>tell which one is the authenticating domain controller? How can I change
    > >>the authenticating domain controller to another server that has Active
    > >>Directory on it?
    > >>
    > >
    > >
    >
    >
    >
Ask a new question

Read More

Servers Microsoft Domain Controller Active Directory Windows