Try reading "Authentication Topology" by Gil Kirkpatrick. I am not sure if it's a member-only doc, but it's available at http://www.winnetmag.com/Articles/Print.cfm?ArticleID=37935

Sincerely,

Deji Akomolafe, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon


From: Darren Mar-Elia
Sent: Fri 5/7/2004 7:12 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Need to confirm a behavior in AD Sites as it pertains to authentication.

Todd-
Not sure if this will get to your specific issue here, but Gil wrote a great article about the DC discovery process on Windows & .Net magazine here: http://www.winnetmag.com/Article/ArticleID/37935/37935.html


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Myrick, Todd (NIH/CIT)
Sent: Friday, May 07, 2004 6:51 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Need to confirm a behavior in AD Sites as it pertains to authentication.

I am searching for an article that identifies the behavior of how authentication DCs are selected based on AD sites.

Here is why.

Our default site cost for all our sites in the hub and spoke architecture is 10.

We had a situation where we have a BDC “Domain H that is in Mixed mode” on the same network as our Hosted Exchange Servers on “Domain N that is in Native Mode”.

The Exchange Servers managed to establish a secure channel with the DCs of “Domain H” AD PDC which is located in a different site from the Hosted Exchange Servers and “Domain H’s BDC”.

When the Domain Admin of H moved one of their servers to a Site starting with A, we saw the secure channel get changed to the site with an A in it.

So our suspicions are as follows.

We believe authentication is served locally if possible (meaning on the same subnet).

If there are no local DCs and the domain is in mixed mode, it will use sites based on cost.

If there are multiple sites to choose from, it will then select a site based on its order in AD Sites & Services.

The reason why is that we moved the DC back to a site lower in the site list and it changed the secure channel.

Thanks,

Todd
