Which Domain Controller is doing the authenticating?

Discussion in 'Server Networking' started by vidro, Jan 9, 2006.

  1. vidro

    vidro Guest

    Enviroment = Windows 2003 Active Directory

    Having multiple, DC's how can I find out which DC authenticated certain
    clients?
    How can I configure clients to be authenticated by specific DC's?
     
    vidro, Jan 9, 2006
    #1
    1. Advertisements

  2. Hi,

    You can run following command on your server...

    echo %logonserver%

    and it will tell you which server authenticated you.

    If computers are in different subnets - you could implement Sites and force
    clients to try and connect to nearest DC first (nearest DC would be one in
    same subnet (Site)).
     
    Miha Pihler [MVP], Jan 9, 2006
    #2
    1. Advertisements

  3. vidro

    vidro Guest

    How to force to specific DC if there is no sub-nets?
     
    vidro, Jan 9, 2006
    #3
  4. You can't. Client will use DNS to locate a DCs.
     
    Miha Pihler [MVP], Jan 9, 2006
    #4
  5. vidro

    Asher_N Guest

    Why would you want to? Multiple DCs are fault tolerant. Do you really
    want to deal wth the CEO not being able to logon because his DC is down
    while everybody around is working?????
     
    Asher_N, Jan 9, 2006
    #5
  6. vidro

    vidro Guest

    So if you have 2 or 3 DC's on the same subnet the distinguishing factor for
    a preferred authentication server would be what?
    If the answer for the previous question is "The closest" what would be the
    discerning value for "closest" ?
    I guess I'm asking if physically a DC is 10 feet from a client is it
    possible that a DC 100yrds away could be doing the authentication for that
    client?
     
    vidro, Jan 9, 2006
    #6
  7. Closest would mean in the same subnet. You can have e.g. different locations
    (even flours) in different subnet.

    Yes, DC that is 100 yards away might be at times better authentication
    server then the one 10 feet away. When? When that server 10 feet away is
    overloaded with other requests and would take it 30 seconds to process
    client's response while server 100 yards away will do it in only 5...
     
    Miha Pihler [MVP], Jan 9, 2006
    #7
  8. vidro

    vidro Guest

    Asher,
    these are just question that I feel could help me trouble shoot some issues
    that I'm dealing with.
    But your thinking has a 2 edge sword, if the CEO keeps being authenticated
    by the slower DC than there is an appearance that there is a problem and
    possibly so.
    If I can point him to the faster server till the problem with the slower DC
    is solved than things aren't as gloomy as you elude to.
     
    vidro, Jan 9, 2006
    #8
  9. vidro

    vidro Guest

     
    vidro, Jan 9, 2006
    #9
  10. Why is one of the servers slower? Hardware or ?
     
    Miha Pihler [MVP], Jan 9, 2006
    #10
  11. vidro

    Asher_N Guest

    If all your DCs are local, and one of them is significately slower,
    either it needs to be upgraded, or you are have more serious network
    issues. Harcoding workstation to a DC only masks the problem.

    How large an environment do you have? How many workstations? howm many
    DCs? how many GCs?
     
    Asher_N, Jan 9, 2006
    #11
  12. vidro

    Asher_N Guest

    Whichever is not busy at the time. The client basically requests
    authentication, the first DC able to do so responds. In a single location
    LAN, they are pretty much the same. It is possible that a DC half-way
    across the globe connected with an OC48 can respond faster than the one
    under your desk.
     
    Asher_N, Jan 9, 2006
    #12
  13. Hi,

    As mentioned -- clients use DNS to find domain controllers. This happens
    quite early in boot process. Once it has the list of domain controllers it
    uses any one of them if they have equal settings in DNS.

    What you can do is change DNS settings to specify that you would like to use
    specific DC most of the time. For this to work you will have to change
    Weight and/or Priority for DNS SRV record for specific DC.

    Still -- my question would be what is the reason that one of the DCs is
    slower? Is it a hardware problem or is there another problem? If it is not
    hardware -- try to figure out what could be the problem and try to solve it.
    I would first look into Event Logs and DNS settings on the servers

    Reducing the workload on the PDC emulator master
    http://www.microsoft.com/technet/pr...ons/df86810b-9fc5-49b8-a704-d01c042cf460.mspx
     
    Miha Pihler [MVP], Jan 9, 2006
    #13
  14. vidro

    vidro Guest

    The problem is beyond the scope of this thread but in a nut shell and this is
    the first time I've eluded to it this way is I'm dealing with a Hodge-podge
    of crap that started in 1994.
    Technology advanced faster than those that knew how to use it. It's was like
    sticking a sixteen yr old behind the wheel of a 1970 Mustang Mach Cobra Jet.
    Upper management thought they knew what they were talking about when most
    didn't even know how to spell it.
    I'm dealing with no support from developers who have a hippy mentality of
    give every body what they want.
    I have owner ship that has no direction. An IT manager that technologically
    sucks but Politically could run for president.
    No body wants to spend money but they all want the latest techno gadgets
    regardless if it actually is the appropriate fix for the problem.
    The real issue is "people" it's not the machines, it's not the technology.
    People don't do their jobs and everyone thinks technology will solve this
    problem.
    Dang I guess that has been building for about 15 years, sorry didn't mean
    to spoil this thread.

    Back to the original issue.
    I'm stuck is what it comes down to since communication around here is very
    bad, To try and orchestrate an optimized network is impossible.
    Focus changes from day to day, again no one speaks to those that have to
    implement, than implementation is hampered by the expedience require and
    dictated by managment
    I'm in mixed mode NT4/win2003. We bypassed WIN2K and were going to gently
    migrate into Win2003. 2 years ago that plan got shot down when somebody in
    owner ship wanted to run a server app that needed AD, they gave me 1 week to
    move a network of 12 remote locations, 500 employees, and 8 servers over to
    Active directories. I've been living wit that decision ever since.
    I still have 1 NT4 BDC and 2 other servers that are running NT4. There are
    15 workstations still on WIN98 that will not be up graded.
    I'm duck taping and chicken wiring this thing till it all falls apart and of
    course when it does it will be my fault.
     
    vidro, Jan 10, 2006
    #14
  15. vidro

    Asher_N Guest

    I'd say it's high time to get out of Dodge. You are in a no-win situaton.
     
    Asher_N, Jan 10, 2006
    #15
  16. vidro

    vidro Guest

    I apologize for using this thread for my sounding board
    Bailing from tough issues is not my style. As much sleep as I loose and all
    the extra pains this job may put on me I stay because I always think there is
    hope and even though no one else may have a vision I do.
    I look at it like being an artist to take something that is floundering and
    create this great technological tool that lets data flow like water and all
    the required issues that degrade system are no more.
    Dang, some body give me a pee test I most be on drugs, I just got done
    whining about my situation now I'm some how defending it, crap I am confused.
     
    vidro, Jan 11, 2006
    #16
  17. vidro

    Asher_N Guest

    Don't worry about this being a sounding board. We've all been there.
    There is a difference between sticking to tough issiues and being a
    situation where you'll end up being blame for not doing a job that you
    are not given the tools to do in the first place.
     
    Asher_N, Jan 12, 2006
    #17
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.