RE: [ActiveDir] Clients being logged on by DCs at other sites

Dave Kinnamon Tue, 29 Oct 2002 10:55:00 -0800

All,

These two KB articles talk most of what has been discussed .. and more.
Hopefully they will clear the air a bit ...



How Domain Controllers Are Located in Windows
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q247811

Windows 2000 members Still Authenticate with BDCs after PDC Upgrade
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q309273



Dave





-----Original Message-----
From: Gil Kirkpatrick [mailto:gilk@;netpro.com]
Sent: Tuesday, October 29, 2002 11:34 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Clients being logged on by DCs at other sites


You can delete them, but because the DCs publish them, they might very well
reappear. You should figure why they got there and verify that the source of
the problem has been addressed. Nothing more frustrating than deleting a
bunch of objects just to have them reappear an hour later ;)

Possible reasons:
1. At some point in time the DC had a different IP address
2. At some point the DCs subnet was assigned to a different site
3. The site that has the bogus records was being covered by that DC because
at some point the site was DC-less
4. etc...

-gil


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:rrutherford@;dek.com] 
Sent: Tuesday, October 29, 2002 8:33 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Clients being logged on by DCs at other sites



Thanks... I can see the entries in the sites that shouldn't be there... both
a _ldap and _kerberos record. Is it safe to delete these records if they
also exist in other sites?

Thanks again

Robert Rutherford



 

                      "Tim HInes"

                      <[EMAIL PROTECTED]        To:
<[EMAIL PROTECTED]>

                      m>                             cc:

                      Sent by:                       Fax to:

                      [EMAIL PROTECTED]        Subject:  Re:
[ActiveDir] Clients being logged on by DCs at other sites                 
                      tivedir.org

 

 

                      29/10/2002 15:05

                      Please respond to

                      ActiveDir

 

 





If your sites are configured correctly then I would assume that there may be
a dns problem.  DCs register ldap records in the site that they are a member
of.  Look in your zone for _msdcs/ dc/ _sites/ site name .  Each site name
folder should only have ldap records for the DCs that are within its site.
If the records are not where they should be then the client may be receiving
a referral to a DC that is not within its site.

Tim Hines, MCSA, MCSE (2000 & NT4)
MVP - Active Directory




----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 29, 2002 9:54 AM
Subject: [ActiveDir] Clients being logged on by DCs at other sites


>
> Hi All,
>
> All my DC's are W2K, and since moving  a considerable amount of NT4
clients
> to 2000, I have noticed that 'some' clients are periodically being 
> logged on by DCs at other sites. All my site config is correct, and my 
> DC's have relatively very little load.
>
> Some of my remote sites have very small pipes, and I do not want 
> clients being authenticated outside of their site/subnet.
>
> Has anyone seen this or know where else I can look?
>
> Thanks
>
> Robert Rutherford
>
>
>
>
> ********************************************************************
> This E-mail and any files transmitted with it are in commercial 
> confidence and intended solely for the use of the individual or entity 
> to whom they are addressed. If you have received this E-mail in error 
> please notify the Administrator by E-mail ([EMAIL PROTECTED]).
>
> Any views or opinions expressed are solely those of the author and do 
> not necessarily represent those of DEK Printing Machines Ltd., or its 
> affiliates.
> ********************************************************************
> This footnote signifies that this message has been
> checked for viruses using Norton and McAfee.
> ********************************************************************
>
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Clients being logged on by DCs at other sites

Reply via email to