Thanks to all for there posts. I have spotted a few things that may be of
interest to some of you :-
I originally built and dcpromo'd all my DC's at my main site - they
registered under DNS as DCs for this site. I then moved them to their
relative sites and the DNS entries still remain. I will delete the
irrelevant entries under their specific site.
I tested in my test bed that if you delete a site under DNS, if the site
will returned after a reboot with the relevant entries in..... the answer
is neither reappear
I created a site in my test bed and a DC was automatically registered in
DNS
I also created a couple sites 4 weeks ago, which I have since put new 2000
DCs into . I checked under DNS and there were already 'random' entries for
other DCs within. The new DC/s also had entries.
The bottom line is (for those that don't know) that 2K does not
automatically housekeep any of these DNS records..... get checking.
Best Regards
Robert Rutherford
Dave Kinnamon
<[EMAIL PROTECTED] To:
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
om> cc:
Sent by: Fax to:
[EMAIL PROTECTED] Subject: RE: [ActiveDir] Clients
being logged on by DCs at other sites
tivedir.org
29/10/2002 18:24
Please respond to
ActiveDir
All,
These two KB articles talk most of what has been discussed .. and more.
Hopefully they will clear the air a bit ...
How Domain Controllers Are Located in Windows
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q247811
Windows 2000 members Still Authenticate with BDCs after PDC Upgrade
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q309273
Dave
-----Original Message-----
From: Gil Kirkpatrick [mailto:gilk@;netpro.com]
Sent: Tuesday, October 29, 2002 11:34 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Clients being logged on by DCs at other sites
You can delete them, but because the DCs publish them, they might very well
reappear. You should figure why they got there and verify that the source
of
the problem has been addressed. Nothing more frustrating than deleting a
bunch of objects just to have them reappear an hour later ;)
Possible reasons:
1. At some point in time the DC had a different IP address
2. At some point the DCs subnet was assigned to a different site
3. The site that has the bogus records was being covered by that DC because
at some point the site was DC-less
4. etc...
-gil
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:rrutherford@;dek.com]
Sent: Tuesday, October 29, 2002 8:33 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Clients being logged on by DCs at other sites
Thanks... I can see the entries in the sites that shouldn't be there...
both
a _ldap and _kerberos record. Is it safe to delete these records if they
also exist in other sites?
Thanks again
Robert Rutherford
"Tim HInes"
<[EMAIL PROTECTED] To:
<[EMAIL PROTECTED]>
m> cc:
Sent by: Fax to:
[EMAIL PROTECTED] Subject: Re:
[ActiveDir] Clients being logged on by DCs at other sites
tivedir.org
29/10/2002 15:05
Please respond to
ActiveDir
If your sites are configured correctly then I would assume that there may
be
a dns problem. DCs register ldap records in the site that they are a
member
of. Look in your zone for _msdcs/ dc/ _sites/ site name . Each site name
folder should only have ldap records for the DCs that are within its site.
If the records are not where they should be then the client may be
receiving
a referral to a DC that is not within its site.
Tim Hines, MCSA, MCSE (2000 & NT4)
MVP - Active Directory
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 29, 2002 9:54 AM
Subject: [ActiveDir] Clients being logged on by DCs at other sites
>
> Hi All,
>
> All my DC's are W2K, and since moving a considerable amount of NT4
clients
> to 2000, I have noticed that 'some' clients are periodically being
> logged on by DCs at other sites. All my site config is correct, and my
> DC's have relatively very little load.
>
> Some of my remote sites have very small pipes, and I do not want
> clients being authenticated outside of their site/subnet.
>
> Has anyone seen this or know where else I can look?
>
> Thanks
>
> Robert Rutherford
>
>
>
>
> ********************************************************************
> This E-mail and any files transmitted with it are in commercial
> confidence and intended solely for the use of the individual or entity
> to whom they are addressed. If you have received this E-mail in error
> please notify the Administrator by E-mail ([EMAIL PROTECTED]).
>
> Any views or opinions expressed are solely those of the author and do
> not necessarily represent those of DEK Printing Machines Ltd., or its
> affiliates.
> ********************************************************************
> This footnote signifies that this message has been
> checked for viruses using Norton and McAfee.
> ********************************************************************
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
