If I understand your original post, some of the workstations are authenticating to the DC in the other building (same site), and some are using a DC in a completely different site. The other responses answer the first issue (all DCs are treated the same within a site), but don't address the second issue, so here goes...
Do all of your subnets have a corresponding subnet object in AD ? Are all of those subnet objects associated with the correct site object ? That's generally the key to ensuring that the clients know what site they belong to so they prefer the DCs in their own site. The above all assumes 'site-aware' clients, of course - Win2K or WinXP. I believe the "AD Client" add-on for NT4 is site-aware as well, but I've never used it so can't say for sure how it works. Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tashildar, Dinesh (Cognizant) Sent: Monday, June 14, 2004 7:38 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LogonServer Absolutely, there no harm to make a another site. But my basic question is Why client desktop get authentication from DC other than their OWN site ? If I create another for building B then again same problem may occur. -Dinesh -----Original Message----- From: Michel SAKR [mailto:[EMAIL PROTECTED] Sent: Monday, June 14, 2004 4:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LogonServer The added site will not harm your configuration. site configurations are intended for problems like yours. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Monday, June 14, 2004 11:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LogonServer you can't change anything in the site-configuration itself (a site is meant to treat every DC basically the same way). What are your reasons for not wanting to change the site config (i.e. adding another site) - other than not having the permissions to do so? The other options tend to bite you later. /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tashildar, Dinesh (Cognizant) Sent: Montag, 14. Juni 2004 09:28 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LogonServer Hi Guido, Thanks for reply, her are few more inputs. Both these DC's are in different subnet and I really don't want to change any property of other sites. Is there anything I can change in PUNE site ? -dinesh -----Original Message----- From: Grillenmeier, Guido [mailto:[EMAIL PROTECTED] Sent: Monday, June 14, 2004 12:42 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LogonServer "In a site called Pune we have 2 domain controllers which are physically located in 2 different buildings connected by 8mbps line." that's your problem => DCs in the same site will be treated the same - and if both buildings are in the same subnet, then there's not much that you can do about it (you can configure preferred DCs for the clients via registry/GPO, but that's a pain to manage). If the two buildings do have different subnets, then you could tune the priorities for the service-records in DNS, but it's likely easier to create and manage an extra site. This way you can most transparently differentiate the two buildings and your clients will automatically preferr the only DC in their site. /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tashildar, Dinesh (Cognizant) Sent: Montag, 14. Juni 2004 08:33 To: [EMAIL PROTECTED] Subject: [ActiveDir] LogonServer Hi, we have a domain called cts.com and under these domain we have several sites. In a site called Pune we have 2 domain controllers which are physically located in 2 different buildings connected by 8mbps line. Lets say ctsinpuncfaa is located in building A and ctsinpuncfcc is located in building B. Practically if users are seating in building B then ctsinpuncfcc should authenticate it. But some of desktops are going to ctsinpuncfaa and some are out of site domain controllers. (from LOGONSERVER environment variable we are getting this information) How can I restrict users from Building B to get authentication from building B DC only ? Which DC server settings decide this factor ? Any help will be appreciated.. Regards, Dinesh List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
