Workstations will follow a pre-defined set of checks to get authentication. You can't and I'd argue don't want to prevent them from being able to get authentication if they don't get it in their own site. This set of checks is dependent on the workstation version as well.
What workstation versions are you running in these sites?

As for sites, the site is the way to define the "preferred" DC to authenticate the workstations. It's not an absolute, but in your situation, having a site for building A and a site for building B sounds like what you want. If the workstations fail to authenticate in site A, then they'll go looking for other sites either via DNS or, failing that, via broadcast, depending on how you have them configured.

Check out the reskit for workstations and Active Directory to see more information about how this process works.

Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tashildar, Dinesh (Cognizant)
Sent: Monday, June 14, 2004 8:38 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LogonServer

Absolutely, there is no harm in making another site. But my basic question is: why do client desktops get authentication from a DC other than their OWN site? If I create another for building B then again the same problem may occur.

-Dinesh

-----Original Message-----
From: Michel SAKR [mailto:[EMAIL PROTECTED]
Sent: Monday, June 14, 2004 4:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LogonServer

The added site will not harm your configuration. site configurations are intended for problems like yours.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Monday, June 14, 2004 11:05 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LogonServer

you can't change anything in the site-configuration itself (a site is meant to treat every DC basically the same way). What are your reasons for not wanting to change the site config (i.e. adding another site) - other than not having the permissions to do so? The other options tend to bite you later.

/Guido

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tashildar, Dinesh (Cognizant)
Sent: Montag, 14. Juni 2004 09:28
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LogonServer

Hi Guido,

Thanks for the reply, here are a few more inputs. Both these DCs are in different subnets and I really don't want to change any property of other sites. Is there anything I can change in PUNE site?

-dinesh

-----Original Message-----
From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED]
Sent: Monday, June 14, 2004 12:42 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LogonServer

"In a site called Pune we have 2 domain controllers which are physically located in 2 different buildings connected by 8mbps line."

that's your problem => DCs in the same site will be treated the same - and if both buildings are in the same subnet, then there's not much that you can do about it (you can configure preferred DCs for the clients via registry/GPO, but that's a pain to manage). If the two buildings do have different subnets, then you could tune the priorities for the service-records in DNS, but it's likely easier to create and manage an extra site. This way you can most transparently differentiate the two buildings and your clients will automatically prefer the only DC in their site.

/Guido

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tashildar, Dinesh (Cognizant)
Sent: Montag, 14. Juni 2004 08:33
To: [EMAIL PROTECTED]
Subject: [ActiveDir] LogonServer

Hi,

we have a domain called cts.com and under this domain we have several sites. In a site called Pune we have 2 domain controllers which are physically located in 2 different buildings connected by 8mbps line. Let's say ctsinpuncfaa is located in building A and ctsinpuncfcc is located in building B. Practically, if users are sitting in building B then ctsinpuncfcc should authenticate them. But some of the desktops are going to ctsinpuncfaa and some are going to out-of-site domain controllers.
(from LOGONSERVER environment variable we are getting this information)

How can I restrict users from Building B to get authentication from building B DC only? Which DC server settings decide this factor?

Any help will be appreciated.

Regards,
Dinesh

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
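
Added example, not part of the original thread: a small Python audit that takes collected LOGONSERVER values and flags workstations that authenticated against a DC outside the site their subnet maps to, as a check on the two-site design suggested above. Only the DC names come from the thread; the site names, subnets, workstation names and `REMOTEDC01` are constructed assumptions.

```python
import ipaddress

# Constructed subnet-to-site map for the two-site design discussed in the thread.
# Site names and subnets are hypothetical; only the DC names come from the thread.
SUBNET_TO_SITE = {
    "10.20.1.0/24": "Pune-BuildingA",
    "10.20.2.0/24": "Pune-BuildingB",
}
DC_TO_SITE = {
    "ctsinpuncfaa": "Pune-BuildingA",
    "ctsinpuncfcc": "Pune-BuildingB",
}

# Constructed inventory: (workstation, IP address, %LOGONSERVER% value).
INVENTORY = [
    ("WS-B-001", "10.20.2.15", r"\\CTSINPUNCFCC"),
    ("WS-B-002", "10.20.2.16", r"\\CTSINPUNCFAA"),
    ("WS-A-001", "10.20.1.40", r"\\ctsinpuncfaa"),
    ("WS-B-003", "10.20.2.17", r"\\REMOTEDC01"),   # hypothetical out-of-site DC
    ("WS-X-001", "10.99.0.5", r"\\CTSINPUNCFCC"),  # IP matches no subnet object
]

def site_for_ip(ip, subnet_map=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_map.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def audit(inventory, subnet_map=SUBNET_TO_SITE, dc_map=DC_TO_SITE):
    """Return (host, dc, reason) for every workstation not served by its own site."""
    findings = []
    for host, ip, logonserver in inventory:
        dc = logonserver.lstrip("\\").lower()  # \\NAME -> name
        client_site = site_for_ip(ip, subnet_map)
        dc_site = dc_map.get(dc)
        if client_site is None:
            findings.append((host, dc, "client IP maps to no site"))
        elif dc_site is None:
            findings.append((host, dc, "DC outside the listed sites"))
        elif dc_site != client_site:
            findings.append((host, dc, f"{client_site} client on {dc_site} DC"))
    return findings

if __name__ == "__main__":
    for host, dc, reason in audit(INVENTORY):
        print(f"{host:10} {dc:14} {reason}")
```

A client whose IP maps to no subnet is reported separately because it has no site of its own to prefer, which is a different fix (a missing subnet-to-site mapping) from a client that simply landed on the other building's DC.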
