Title: Re: [ActiveDir] Set Preferred DC
Dear Willem

Thanks for your concern, but I don’t have a problem with name resolution.  

I had a problem with a client who did not want to go through the process of removing his NT4 BDCs and switching to Active Directory native mode prior to replacing his failing Exchange 5.5 server with Exchange 2000. He was hoping for a way to guarantee that those few clients that experienced problems connecting to Exchange 2000 because they had been authenticated by an NT4 BDC could be hard re-directed to a specific Windows 2000 domain controller with knowledge of the necessary Exchange 2000 attributes. He requested this as a workaround for all of his workstations, although I had already informed him that this was a bad idea, not advisable, and finally not necessary for Win2k & WinXP machines. However, IT Managers, being a different breed than most, tend to ask questions that they require an accurate answer to. One example of such a question might be “Can we force individual workstations that might experience this problem to authenticate to a specific DC?”

Luckily, KB article 297016 has given me all of the necessary ammunition to put this situation to bed, and force the upgrade to Active Directory Native Mode prior to attempting an Exchange upgrade. So I no longer require an answer to this question.

To answer your question, since I am not dealing with a secure channel on a trust, nltest doesn’t really solve the problem of persistent domain controller location either. So unfortunately, no, it does not sound better.

Please be aware that I do not agree with belittling an individual who has offered assistance, and my earlier response may have been harsh; however, authenticating a user with a specific domain controller only to entirely take away all of the services that they may have been authenticated to doesn’t really solve the problem that was posed.

I would like to thank you for your time, apologize if I’ve hurt your feelings, and request that we bury this issue.

Thanks


 



From: Willem Kasdorp <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
Date: Tue, 7 Sep 2004 21:08:17 +0200
To: <[EMAIL PROTECTED]>
Subject: RE: [ActiveDir] Set Preferred DC

All right, seriously then. If you really insist on hacking it instead of fixing name resolution you can use nltest to reset the secure channel to the DC you want. That sound better?
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brent Westmoreland
Sent: Tuesday, September 07, 2004 8:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Set Preferred DC

That’s Brilliant! Then we could just stop resolving DNS names except for DCs.  We could break file & print, internet & everything else, but the client would be authenticated right where we want them....


From: Willem Kasdorp <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
Date: Tue, 7 Sep 2004 20:18:17 +0200
To: <[EMAIL PROTECTED]>
Subject: RE: [ActiveDir] Set Preferred DC

That’s easy. On W2000 and XP, remove the DNS servers from the IP settings, and put the relevant DC entries in the HOSTS file. For W9x, set #DOM and 1b records in LMHOSTS. That way you ensure they can only find the DCs you want them to.
 
--
   Regards, Willem
 
P.S.
 
> If we could just skip over that whole bit it would be great.
That was pretty hard, but I did it!
 
 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brent Westmoreland
Sent: Tuesday, September 07, 2004 5:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Set Preferred DC

Ok Guys,

I am about to ask a question that may stir up a great deal of conversation about “Good Practice” and “Avoiding Hard Coded Entries”. If we could just skip over that whole bit it would be great. That being said, I need to control the logonserver of individual machines running operating systems ranging from Win98, to NT4.0, Win2k, and WinXP. This is a mixed mode Active Directory domain in a typical branch office deployment, single domain, single forest. Again, this needs to be on individual machines, so please don’t respond with a DNS answer; I’m looking for a reg hack or a utility like setprfdc.exe that will work in an Active Directory domain on all of the previously mentioned operating systems.

Thanks,

Brent
