Velocity Reviews - Computer Hardware Reviews

Force authentication to a specific DC

 
 
TTurner
      10-18-2004
In an AD environment with multiple sites, all DCs are 2003, and multiple
DCs at each site, how can I force authentication to a specific domain
controller? The problem is that our "sites" are comprised of several
different subnets for several different physical locations, so when I log on,
I am authenticating on a DC over 30 miles away when I have a valid DC not 10
feet from my desk.

Is there a registry value I can modify to fix this? Would be an easy matter
to deploy a script or policy to make these changes on a widespread basis if
so. And yes, we should probably break up our sites for site to site AD
replication to resolve the issue, but at this time that is not an option.
--
MCSA 2003:Security
A+, NET+, Security+
 
 
 
 
 
Steven L Umbach
      10-18-2004
I don't know of a registry entry. You could force the issue with an IPsec
filtering policy using permit and block rules to block access to all but the
DCs you want a domain computer to use, but then you run the risk that the
user will not be able to authenticate if the "preferred" domain controllers
are not available. Check the preferred DNS servers for your domain computers
in TCP/IP settings to make sure that the first DNS server in the list is a
"local" domain controller. Using sites is the best solution. The _srv
records for domain controllers can be tweaked for priority and balancing but
I am not sure that will solve your problem. You might also want to post in
the win2000.active_directory newsgroup. Even though it is a W2K newsgroup,
most of the gurus there know Windows 2003 also, which is not much different
in most respects. --- Steve


"TTurner" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> In an AD environment with multiple sites, all DCs are 2003, and multiple
> DCs at each site, how can I force authentication to a specific domain
> controller? The problem is that our "sites" are comprised of several
> different subnets for several different physical locations, so when I
> log on, I am authenticating on a DC over 30 miles away when I have a
> valid DC not 10 feet from my desk.
>
> Is there a registry value I can modify to fix this? Would be an easy
> matter to deploy a script or policy to make these changes on a widespread
> basis if so. And yes, we should probably break up our sites for site to
> site AD replication to resolve the issue, but at this time that is not an
> option.
> --
> MCSA 2003:Security
> A+, NET+, Security+



 
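The SRV priority and weight tuning mentioned in the reply above, as an added example that is not part of the original thread: a simulation of how a client that orders SRV answers as RFC 2782 describes would pick between two DCs published for one site. The host names and record values are constructed, and the assumption that the client follows RFC 2782 ordering is mine.

```python
import random
from collections import namedtuple

Srv = namedtuple("Srv", "priority weight target")

def order_srv(records, rng=random):
    """Order SRV targets as RFC 2782 describes: lowest priority value first,
    weighted random choice among records sharing a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # RFC 2782: weight-0 records go to the front of the pool.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, r in enumerate(pool):
                running += r.weight
                if running >= pick:
                    ordered.append(pool.pop(i).target)
                    break
    return ordered

def first_choice_share(records, trials=10000, seed=1):
    """Fraction of simulated lookups in which each target is tried first."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(trials):
        first = order_srv(records, rng)[0]
        counts[first] = counts.get(first, 0) + 1
    return {t: n / trials for t, n in counts.items()}

# Constructed records (hypothetical host names), shaped like the answers for
# _ldap._tcp.<site>._sites.dc._msdcs.<domain> when one site spans two locations.
LOCAL, REMOTE = "dc-local.example.test", "dc-remote.example.test"
DEFAULT = [Srv(0, 100, LOCAL), Srv(0, 100, REMOTE)]          # untouched
REWEIGHTED = [Srv(0, 100, LOCAL), Srv(0, 10, REMOTE)]        # remote weight lowered
DEPRIORITIZED = [Srv(0, 100, LOCAL), Srv(10, 100, REMOTE)]   # remote priority raised

if __name__ == "__main__":
    for name, recs in [("default", DEFAULT), ("reweighted", REWEIGHTED),
                       ("deprioritized", DEPRIORITIZED)]:
        # Share of first attempts per DC, and the DC left as last resort.
        print(name, first_choice_share(recs), "fallback:", order_srv(recs)[-1])
```

The records are published in DNS for every client that queries them, so the shift applies to the whole site rather than to one desk. Unlike an IPsec block rule, the deprioritized DC stays in the list as a fallback.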
 
 
 