Re: [ActiveDir] Restricting machine to specific DC for domain join

Sun, 11 Sep 2005 03:39:26 -0700

That is the exact reason I don't want to do that, I have more than 50 sites, everybody clamoring on that poor DC will be too much. ( what kind of impact I can expect?, any ideas?)

Also, problem is every DC was left in default config, so everybody is at priority 0, so even if I want to use this solution, I have to lower the priority of other 49 DCs to nonzero value.

If I want to implement this, Is there a better way to lower the priority of other DCs, using script or dnscmd?

Because, I can convince my engineers to work at night, and while I change the priorities and before users return can revert them back.


On 9/11/05, Almeida Pinto, Jorge de <[EMAIL PROTECTED]> wrote:
you could try to tweak the DNS priority of that particular DC (by lowering it) so that it will be the first DC to be used... However, other processes will also go to that DC and that may not be desired!

can't think of something else right now..

cheers
Jorge

________________________________

From: [EMAIL PROTECTED] on behalf of Kamlesh Parmar
Sent: Sat 9/10/2005 6:24 PM
To: [email protected]
Subject: [ActiveDir] Restricting machine to specific DC for domain join


Dear All,

At one of the locations, firewall restricts port 139, 445 towards other locations.

And we are mass migrating computers from this location to our domain.

And We know that, normal 2k/XP machine when asked to join domain, will run LDAP query _ldap._tcp.dc._msdcs.domainname
will go to first DC of returned from the result, and try to create account there.
And if the first DC of the result, is remote DC, this attempts is thwarted by firewall, as client can't make initial connection to remote DC's IPC$

Can we do something about this,

Like making sure that for DC Join process, clients go to specific DC only.?

Regards,
Kamlesh
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Fortune and Love befriend the bold"
~~~~~~~~~~~~~~~~~~~~~~~~~~~



This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.




--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Fortune and Love befriend the bold"
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reply via email to