authenticating domain controller
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.active_directory (More info?)
I have three domain controllers, two are Global Catalog server, how can I
tell which one is the authenticating domain controller? How can I change
the authenticating domain controller to another server that has Active
Directory on it?
I have three domain controllers, two are Global Catalog server, how can I
tell which one is the authenticating domain controller? How can I change
the authenticating domain controller to another server that has Active
Directory on it?
More about : authenticating domain controller
Archived from groups: microsoft.public.win2000.active_directory (More info?)
In addition to what Simon wrote ( about the 'set l' command on the clients )
you would need to look into your Forward Lookup Zone on DNS Server. Each
Domain Controller record has a couple of values....specifically the Priority
and Weight values.
By default, the Priority value will be [0] for all DNS Servers and the
Weight value will be [100] for all DNS Servers. If you were to want DC01 to
authenticate 4x as many authentication requests as DC02 then you would need
to keep the Priority value at [0] for both of them but change the weight.
DC01 would need to have a value of [80] while DC02 would need to have a
value of [20].
The pecking order is that all clients will authenticate against the DC with
the lowest Priority value. In the case that there are several DCs with the
same value, then the Weight value comes into play.
By default, if you have two Domain Controllers running DNS then there would
be approx. a 50/50 balance. Were you to have three Domain Controllers
running DNS then there would be approx. a 33/33/33 balance.
HTH,
--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"johnstep" <ai7802@wayne.edu> wrote in message
news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
>I have three domain controllers, two are Global Catalog server, how can I
>tell which one is the authenticating domain controller? How can I change
>the authenticating domain controller to another server that has Active
>Directory on it?
>
In addition to what Simon wrote ( about the 'set l' command on the clients )
you would need to look into your Forward Lookup Zone on DNS Server. Each
Domain Controller record has a couple of values....specifically the Priority
and Weight values.
By default, the Priority value will be [0] for all DNS Servers and the
Weight value will be [100] for all DNS Servers. If you were to want DC01 to
authenticate 4x as many authentication requests as DC02 then you would need
to keep the Priority value at [0] for both of them but change the weight.
DC01 would need to have a value of [80] while DC02 would need to have a
value of [20].
The pecking order is that all clients will authenticate against the DC with
the lowest Priority value. In the case that there are several DCs with the
same value, then the Weight value comes into play.
By default, if you have two Domain Controllers running DNS then there would
be approx. a 50/50 balance. Were you to have three Domain Controllers
running DNS then there would be approx. a 33/33/33 balance.
HTH,
--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"johnstep" <ai7802@wayne.edu> wrote in message
news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
>I have three domain controllers, two are Global Catalog server, how can I
>tell which one is the authenticating domain controller? How can I change
>the authenticating domain controller to another server that has Active
>Directory on it?
>
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Should have added that you need to ensure that you have set up Active
Directory Sites correctly and that you have created the Subnets correctly
and that you have associated each Subnet with the correct Site.....
--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:%233pLlkDUFHA.2420@TK2MSFTNGP12.phx.gbl...
> In addition to what Simon wrote ( about the 'set l' command on the
> clients ) you would need to look into your Forward Lookup Zone on DNS
> Server. Each Domain Controller record has a couple of
> values....specifically the Priority and Weight values.
>
> By default, the Priority value will be [0] for all DNS Servers and the
> Weight value will be [100] for all DNS Servers. If you were to want DC01
> to authenticate 4x as many authentication requests as DC02 then you would
> need to keep the Priority value at [0] for both of them but change the
> weight. DC01 would need to have a value of [80] while DC02 would need to
> have a value of [20].
>
> The pecking order is that all clients will authenticate against the DC
> with the lowest Priority value. In the case that there are several DCs
> with the same value, then the Weight value comes into play.
>
> By default, if you have two Domain Controllers running DNS then there
> would be approx. a 50/50 balance. Were you to have three Domain
> Controllers running DNS then there would be approx. a 33/33/33 balance.
>
> HTH,
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "johnstep" <ai7802@wayne.edu> wrote in message
> news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
>>I have three domain controllers, two are Global Catalog server, how can I
>>tell which one is the authenticating domain controller? How can I change
>>the authenticating domain controller to another server that has Active
>>Directory on it?
>>
>
>
Should have added that you need to ensure that you have set up Active
Directory Sites correctly and that you have created the Subnets correctly
and that you have associated each Subnet with the correct Site.....
--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP
http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:%233pLlkDUFHA.2420@TK2MSFTNGP12.phx.gbl...
> In addition to what Simon wrote ( about the 'set l' command on the
> clients ) you would need to look into your Forward Lookup Zone on DNS
> Server. Each Domain Controller record has a couple of
> values....specifically the Priority and Weight values.
>
> By default, the Priority value will be [0] for all DNS Servers and the
> Weight value will be [100] for all DNS Servers. If you were to want DC01
> to authenticate 4x as many authentication requests as DC02 then you would
> need to keep the Priority value at [0] for both of them but change the
> weight. DC01 would need to have a value of [80] while DC02 would need to
> have a value of [20].
>
> The pecking order is that all clients will authenticate against the DC
> with the lowest Priority value. In the case that there are several DCs
> with the same value, then the Weight value comes into play.
>
> By default, if you have two Domain Controllers running DNS then there
> would be approx. a 50/50 balance. Were you to have three Domain
> Controllers running DNS then there would be approx. a 33/33/33 balance.
>
> HTH,
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "johnstep" <ai7802@wayne.edu> wrote in message
> news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
>>I have three domain controllers, two are Global Catalog server, how can I
>>tell which one is the authenticating domain controller? How can I change
>>the authenticating domain controller to another server that has Active
>>Directory on it?
>>
>
>
Archived from groups: microsoft.public.win2000.active_directory (More info?)
You can tell which DC a particular client has authenticated against by
running "set L" at the command line.
The DC used for authentication is determined by the configuration of your AD
Sites & Subnets and in DNS, there is no easy option to force clients to use
a particular DC although it can be done with some tweaking of the above.
This has more information http://support.microsoft.com/?id=247811
"johnstep" <ai7802@wayne.edu> wrote in message
news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
>I have three domain controllers, two are Global Catalog server, how can I
>tell which one is the authenticating domain controller? How can I change
>the authenticating domain controller to another server that has Active
>Directory on it?
>
You can tell which DC a particular client has authenticated against by
running "set L" at the command line.
The DC used for authentication is determined by the configuration of your AD
Sites & Subnets and in DNS, there is no easy option to force clients to use
a particular DC although it can be done with some tweaking of the above.
This has more information http://support.microsoft.com/?id=247811
"johnstep" <ai7802@wayne.edu> wrote in message
news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
>I have three domain controllers, two are Global Catalog server, how can I
>tell which one is the authenticating domain controller? How can I change
>the authenticating domain controller to another server that has Active
>Directory on it?
>
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Very interesting process / ANother question on the same lines
how will the clients or DC's mainitain the balance / meaning if a client's
query has resulted in 2 DC's with both same weight and priority, what is the
mechanism that determines which dc will be used for authentication ?
Also if the DC's are not GC's is there any relevance or any preference that
a client will choose ?
Thanks in advance
--
Patilp
"Cary Shultz [A.D. MVP]" wrote:
> Should have added that you need to ensure that you have set up Active
> Directory Sites correctly and that you have created the Subnets correctly
> and that you have associated each Subnet with the correct Site.....
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news:%233pLlkDUFHA.2420@TK2MSFTNGP12.phx.gbl...
> > In addition to what Simon wrote ( about the 'set l' command on the
> > clients ) you would need to look into your Forward Lookup Zone on DNS
> > Server. Each Domain Controller record has a couple of
> > values....specifically the Priority and Weight values.
> >
> > By default, the Priority value will be [0] for all DNS Servers and the
> > Weight value will be [100] for all DNS Servers. If you were to want DC01
> > to authenticate 4x as many authentication requests as DC02 then you would
> > need to keep the Priority value at [0] for both of them but change the
> > weight. DC01 would need to have a value of [80] while DC02 would need to
> > have a value of [20].
> >
> > The pecking order is that all clients will authenticate against the DC
> > with the lowest Priority value. In the case that there are several DCs
> > with the same value, then the Weight value comes into play.
> >
> > By default, if you have two Domain Controllers running DNS then there
> > would be approx. a 50/50 balance. Were you to have three Domain
> > Controllers running DNS then there would be approx. a 33/33/33 balance.
> >
> > HTH,
> >
> > --
> > Cary W. Shultz
> > Roanoke, VA 24012
> > Microsoft Active Directory MVP
> >
> > http://www.activedirectory-win2000.com
> > http://www.grouppolicy-win2000.com
> >
> >
> >
> > "johnstep" <ai7802@wayne.edu> wrote in message
> > news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
> >>I have three domain controllers, two are Global Catalog server, how can I
> >>tell which one is the authenticating domain controller? How can I change
> >>the authenticating domain controller to another server that has Active
> >>Directory on it?
> >>
> >
> >
>
>
>
Very interesting process / ANother question on the same lines
how will the clients or DC's mainitain the balance / meaning if a client's
query has resulted in 2 DC's with both same weight and priority, what is the
mechanism that determines which dc will be used for authentication ?
Also if the DC's are not GC's is there any relevance or any preference that
a client will choose ?
Thanks in advance
--
Patilp
"Cary Shultz [A.D. MVP]" wrote:
> Should have added that you need to ensure that you have set up Active
> Directory Sites correctly and that you have created the Subnets correctly
> and that you have associated each Subnet with the correct Site.....
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news:%233pLlkDUFHA.2420@TK2MSFTNGP12.phx.gbl...
> > In addition to what Simon wrote ( about the 'set l' command on the
> > clients ) you would need to look into your Forward Lookup Zone on DNS
> > Server. Each Domain Controller record has a couple of
> > values....specifically the Priority and Weight values.
> >
> > By default, the Priority value will be [0] for all DNS Servers and the
> > Weight value will be [100] for all DNS Servers. If you were to want DC01
> > to authenticate 4x as many authentication requests as DC02 then you would
> > need to keep the Priority value at [0] for both of them but change the
> > weight. DC01 would need to have a value of [80] while DC02 would need to
> > have a value of [20].
> >
> > The pecking order is that all clients will authenticate against the DC
> > with the lowest Priority value. In the case that there are several DCs
> > with the same value, then the Weight value comes into play.
> >
> > By default, if you have two Domain Controllers running DNS then there
> > would be approx. a 50/50 balance. Were you to have three Domain
> > Controllers running DNS then there would be approx. a 33/33/33 balance.
> >
> > HTH,
> >
> > --
> > Cary W. Shultz
> > Roanoke, VA 24012
> > Microsoft Active Directory MVP
> >
> > http://www.activedirectory-win2000.com
> > http://www.grouppolicy-win2000.com
> >
> >
> >
> > "johnstep" <ai7802@wayne.edu> wrote in message
> > news:e0P$6SBUFHA.3584@TK2MSFTNGP14.phx.gbl...
> >>I have three domain controllers, two are Global Catalog server, how can I
> >>tell which one is the authenticating domain controller? How can I change
> >>the authenticating domain controller to another server that has Active
> >>Directory on it?
> >>
> >
> >
>
>
>
Related ressources:
- ForumTrouble Authenticating users from trusted domains
- ForumAD Domain Controller Concurrent Logons
- ForumDomain Authentication Problem
- ForumAD to NT4 domain authentication process - why would a clie..
- ForumLinux as primary domain controller
- ForumWindows XP Pro system won't authenticate to domain control ..
- ForumIssue with NT Domain Controllers
- ForumLogin to pc slow to login to remote Domain Controller
- ForumCannot connect to my company's domain .
- Forum2nd DC not authenticating users?
- ForumPassing authentication off to another domain
- ForumNew Computer Issues with domain authentication
- ForumSecondary Domain Controller not working as a GC server
- ForumParallel and com ports not appearing in device manager
- More resources
!
