RE: [ActiveDir] Set Preferred DC

[Ulf B. Simon-Weidner]

Title: Re: [ActiveDir] Set Preferred DC

<simplified>

Actually the client tries to connect to the DC where he last logged on first, then recieves the name of the site, queries the DCs in that Site and performs a RPC-Ping to see who's resonding fast enough.

</simplified>

 

The feature Dave mentioned is the classid, you are able to set the classid of specific clients and change the DHCP-Options for that classid. The clientside can be configured using GPOs or by using the ipconfig /setclassid command.

 

This will not enable to you to set a prefered DC, it just enables you to provide different DHCP-Options such as DNS-Suffix or DNS-Servers.

 

Gruesse - Sincerely,

 

Ulf B. Simon-Weidner

 

---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Tuesday, September 07, 2004 10:53 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Set Preferred DC

I am familiar with open source DHCP products publishing an OpenLdap server and searchbase, but haven’t really looked to the MS product for that.  To my knowledge, the client will perform an rpc call to the local netlogon service thereby calling DSGetDCName and invoking one of two Locators.  Either the DNS or Netbios locator then will work their magic to return the necessary records.  I was hoping that there may be a regkey to preclude this process, but thus far I haven’t found anything.

Thanks

Brent

---

From: Perdue David J Contr InDyne/Enterprise IT <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
Date: Tue, 7 Sep 2004 20:25:07 -0000
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: [ActiveDir] Set Preferred DC

Isn't that a setting that you can push via DHCP?  I want to say you can put a "tag" on your clients so that they can receive different info via DHCP without having to be on a different subnet.
For the life of me, I can't remember what MS calls the "tag".

Dave

---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Willem Kasdorp
Sent: Tuesday, September 07, 2004 12:08 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Set Preferred DC

All right, seriously then. If you really insist on hacking it instead of fixing nameresolution you can use nltest to reset the secure channel to the DC you want. That sound better?
 

---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland
Sent: Tuesday, September 07, 2004 8:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Set Preferred DC

That's Brilliant! Then we could just stop resolving DNS names except for DCs.  We could break file & print, internet & everything else, but the client would be authenticated right where we want them....

---

From: Willem Kasdorp <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
Date: Tue, 7 Sep 2004 20:18:17 +0200
To: <[EMAIL PROTECTED]>
Subject: RE: [ActiveDir] Set Preferred DC

That's easy. On W2000 and XP, remove the DNS servers from the IP settings, and put the relevant DC entries in the HOSTS file. For W9x, set #DOM and 1b records in LMHOSTS. That way you insure the can only find the DC's you want them to.
 
--
   Regards, Willem
 
P.S.
 
> If we could just skip over that whole bit it would be great.
That was pretty hard, but I did it!
 
 

---

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>  On Behalf Of Brent Westmoreland
Sent: Tuesday, September 07, 2004 5:24 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Set Preferred DC

Ok Guys,

I am about to ask a question that may stir up a great deal of conversation about "Good Practice" and "Avoiding Hard Coded Entries", If we could just skip over that whole bit it would be great.  That being said, I need to control the logonserver of individual machines running operating systems ranging from win98, to NT4.0, win2k, and winXP.  This is a mixed mode active directory domain in a typical branch office deployment single domain, single forest.  Again this needs to be on individual machines so please don't respond with a  DNS answer, I'm looking for a reg hack or a utility like setprfdc.exe that will work in an ActiveDirectory Domain on all of the previously mentioned operating systems.

Thanks,

Brent