Discussion:
Force client to authenticate to specific DC
Dave
2004-06-28 17:15:44 UTC
I have a domain with a few DC's. Can I create a GPO to a computer OU to
force the clients to authenticate to a specific DC? Or another way to do
similar?
Thanks!!
ptwilliams
2004-06-28 20:00:52 UTC
No, you cannot. Only site allocation and subnet prioritisation will dictate
which DC you log on to; if there's more than one DC in a site, then it will
appear to the end user as random (DNS uses round-robin record allocation by
default).

If you have multiple sites, proper configuration of sites and subnets will
ensure that logon doesn't occur across the WAN (unless the local DCs are
down).
--
Paul Williams
_________________________________________
http://www.msresource.net

Join us in our new forums!
http://forums.msresource.net
_________________________________________
Chriss3
2004-06-28 20:47:32 UTC
Hello,
What Paul says about sites is true. However, you can actually hide DCs and
disable the Requirement that a Global Catalog Server Be Available to
Validate User Logons

http://support.microsoft.com/default.aspx?scid=kb;en-us;241789
--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips
ptwilliams
2004-06-28 21:06:40 UTC
Hmmm... stopping DCs looking to a GC for logon still won't force a machine to
use a specific DC when there is more than one DC per site.

However, your comment about hiding DCs sounds interesting - I've not heard of
this before. Can you provide some pointers to this??
--
Paul Williams
_________________________________________
http://www.msresource.net

Join us in our new forums!
http://forums.msresource.net
_________________________________________
Dave
2004-06-28 21:51:43 UTC
Thanks for the help guys.
Ace Fekay [MVP]
2004-06-29 01:54:58 UTC
Here's another interesting link on how to force a DC to allow a client to
log on if the GC is not available. Maybe use this with some sort of strategy
in conjunction with the other link in forcing a logon:

How can I let users log on to the domain when they can't contact the Global
Catalog (GC):
http://www.winnetmag.com/Article/ArticleID/39960/39960.html
--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
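
Added example (not part of any post in this thread): a simplified model of the behaviour described in the first reply, where the client's subnet decides its site, the choice among DCs in that site looks random, and logon only crosses the WAN when the local DCs are down. The topology, DC names and function names are constructed for illustration, and the model ignores everything the thread does not mention.

```python
import ipaddress
import random

# Constructed sample topology (assumption, not from the thread): subnet
# objects mapped to sites, and each site's DCs with an "is up" flag.
SUBNETS = {
    "10.10.0.0/16": "HQ",
    "10.20.0.0/16": "Branch",
    "10.20.5.0/24": "HQ",   # a /24 inside the branch range assigned to HQ
}
SITE_DCS = {
    "HQ": {"hq-dc1": True, "hq-dc2": True},
    "Branch": {"br-dc1": True, "br-dc2": True},
}

def site_for(client_ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing client_ip, or None."""
    ip = ipaddress.ip_address(client_ip)
    matches = [ipaddress.ip_network(n) for n in subnets
               if ip in ipaddress.ip_network(n)]
    if not matches:
        return None
    best = max(matches, key=lambda n: n.prefixlen)   # longest prefix wins
    return subnets[str(best)]

def candidate_dcs(client_ip, site_dcs=SITE_DCS, subnets=SUBNETS):
    """Return (scope, sorted DC names) that may answer this client's logon."""
    site = site_for(client_ip, subnets)
    local = sorted(dc for dc, up in site_dcs.get(site, {}).items() if up)
    if local:
        return "site:" + site, local
    # Unmapped subnet or all local DCs down: any DC that is up qualifies,
    # which is when logon traffic ends up crossing the WAN.
    everywhere = sorted(dc for dcs in site_dcs.values()
                        for dc, up in dcs.items() if up)
    return "domain-wide", everywhere

def pick_dc(client_ip, rng=random, **kw):
    """Pick one candidate at random, which is how it appears to the end user."""
    scope, dcs = candidate_dcs(client_ip, **kw)
    return scope, (rng.choice(dcs) if dcs else None)

if __name__ == "__main__":
    for ip in ("10.20.6.7", "10.20.5.7", "192.168.1.1"):
        print(ip, site_for(ip), pick_dc(ip))
```

In this model a client whose address matches no subnet object gets the domain-wide candidate list, so a missing or wrong subnet mapping shows up as logons against remote DCs.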