Prioritize Domain Controllers in AD

Status
Not open for further replies.

magicrjm

IS-IT--Management
May 13, 2005
93
US
I have 3 domain controllers in my Active Directory. 2 DCs are in my network, and 1 is at a co-located facility with a Branch Office VPN established. I was reviewing my firewall logs and noticed that more than a few workstations and servers are using the DC that is at the co-located facility. The workstations and DHCP scope have the correct priority set, with the co-located server to be used last. Now I understand that in Windows 2003 there is no such thing as a Primary DC, but is there a way to configure the AD to prioritize the DCs? I was looking into AD Sites and Services but don't see a setting for this. All 3 DCs share the same subnet, but the co-located DC is on a different private LAN IP scheme. Can someone point me in the right direction?
 
The easiest way to get people to stop authenticating to the colo-based DC is to create a new site and subnet in AD Sites & Services. Associate the new subnet with the new site and place the DC in the new site. Also, be sure your colo-based DC is placed last in your DNS provider list in your DHCP scope options for hosts located at your main facility.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
OK, currently my AD Sites and Services has the default site named "Default-First-Site-Name" with all 3 domain controllers/global catalog servers. At my main facility I have an IP scheme of 192.168.1.xxx/24 and at my colo facility I have an IP scheme of 192.168.2.xxx/24. What you are saying is create a new site named colo, for example, and create a new subnet of 192.168.2.0/24, select the site that associates with that, and then move the colo DC to the new colo site I created? If that's true, then Active Directory will first look at the "Default-First-Site-Name"; if both those 2 domain controllers are down, then I will move to the second site?
 
You should have a site configured for each physical site. You should have their respective subnets configured for each site. Otherwise, you have users from one site authenticating to DCs in other sites.

Machines and users authenticate to whichever DCs are in their local site.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
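
The site and subnet layout described in the replies above, as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory module (newer tooling than the Windows 2003 consoles discussed here), the default site link name `DEFAULTIPSITELINK`, and a hypothetical DC name `COLO-DC01`; the site names and subnets are the ones quoted in the thread.

```powershell
# Added example, not from the thread. Run with rights to edit the
# Configuration partition (typically Enterprise Admins).
Import-Module ActiveDirectory

$MainSite   = 'Default-First-Site-Name'   # existing default site named in the thread
$ColoSite   = 'colo'                      # new site name suggested in the thread
$MainSubnet = '192.168.1.0/24'            # main facility range from the thread
$ColoSubnet = '192.168.2.0/24'            # colo facility range from the thread
$ColoDC     = 'COLO-DC01'                 # hypothetical placeholder for the colo DC
$SiteLink   = 'DEFAULTIPSITELINK'         # assumption: default site link still exists

# 1. Create the colo site once, and add it to a site link so the
#    colo DC keeps a replication path to the main-facility DCs.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$ColoSite'")) {
    New-ADReplicationSite -Name $ColoSite
    Set-ADReplicationSiteLink -Identity $SiteLink -SitesIncluded @{ Add = $ColoSite }
}

# 2. Map each IP range to its site. Clients whose address matches no
#    subnet object cannot determine a site and may use any DC.
$mappings = @(
    @{ Subnet = $MainSubnet; Site = $MainSite },
    @{ Subnet = $ColoSubnet; Site = $ColoSite }
)
foreach ($m in $mappings) {
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($m.Subnet)'")) {
        New-ADReplicationSubnet -Name $m.Subnet -Site $m.Site
    }
}

# 3. Move the colo DC's server object into the new site.
Move-ADDirectoryServer -Identity $ColoDC -Site $ColoSite

# 4. Review the result: every DC with its site, every subnet with its site.
Get-ADDomainController -Filter * | Sort-Object Site, Name |
    Format-Table Name, Site, IPv4Address
Get-ADReplicationSubnet -Filter * | Format-Table Name, Site

# 5. On a workstation, confirm which site and DC it resolves to:
#      nltest /dsgetsite
#      nltest /dsgetdc:<your-domain> /force
```

After the change, the firewall logs mentioned in the first post are the check that matters: authentication traffic from 192.168.1.0/24 hosts to the colo DC over the VPN should stop once clients have rediscovered their site.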
 
I think I'm getting this now. I'm currently set up as follows: I have my main facility in NY, my branch offices are in AZ, CA, GA, and a colo facility in NY. My branch offices in AZ, CA, and GA do not have a DC in their facilities; they look to the DCs at the main facility. The branches have firewall-to-firewall Branch Office VPNs configured to the main facility in NY. I have a backup DC configured at my colo facility with a firewall-to-firewall Branch Office VPN. What I need to do is rename the default site and add the subnets of the main facility, AZ, CA, and GA. Then create a new site named colo (for example) with the appropriate subnet linked to it. This way the main facility, AZ, CA, and GA will use the main facility DCs, and if there is a failure on both DCs at the main facility the clients will look to the colo site in AD. Am I correct?
 