Which Domain Controller are we using to authenticate with?

[bdoub1eu]

Hi all! We have 3 Domain Controllers running Win 2000 AD at our site...Is there a way to know which of these we are using to login? I know that some workstations use local cache to login...

I think we can check the Security logs on each of these to see which one is authenticating what day...How is this managed? Does one DC authenticate one day or is it just the first DC to respond to a users login request?

Thanks everyone!

 

[SmokinRR]

I'm not positive about this, but I believe that the domain controllers hold an 'election' to see which is authoritative. The authoritative DC will be the first to authorize logins, if it is unreachable one of the other two will automatically authenticate in it's place. You can check event logs for results of elections I believe. Just out of curiosity, why do you want to know which DC is authenticating?

J

 

[bdoub1eu]

Well, I was actually asked by our Help Desk guy...

From time to time, he creates users on the network and he wanted to know which DC handles login requests so he could create new users on that DC so he can create the user immediately login and not have to wait for replication to occur. I told him that replication only takes a few minutes at most but then it spurred the question of trying to find out which one would be authoritative and when...Thanks for the response!

 

[SmokinRR]

ahh, I see, that does make sense. There are ways to force synchronization, using the Repadmin tool from the Resource Kit, I dont have any experience using it though, so you'd have to do some research on it.

Good luck

J

 

[buddafish]

try the "set" command, it will list the logon server (as well as a bunch of other info).

yes you can force replication from sites and services. when i am making changes, i do this quite often. especially for our remote sites.

good luck

scottie

 

[bdoub1eu]

Thanks buddafish!

The set command? What exactly would I type in to do that? Also what's the best way to force synchronization between DC's? Thanks!

 

[buddafish]

from the command line type set
press enter

your screen will fill with info

for replication, go to active directory sites and services, expand the site in question, expand the servers, expand the ntds settings and in the right hand pane right click a server and choose "replicate now"

if you need to force replication across site boundaries, then the you will need the support tools --> active directory replication monitor ---> add a server ---> right click that server ---> choost to syncronize each directory partition w all servers ---> choose selection #3 "cross site boundries" and choose ok.

this will force replication across all links and to the bridgehead servers, then triggering all intra-site replications. give it a minute or two. all changes will replicate

good luck

scottie

 

[bdoub1eu]

Works like a charm...Thanks!

 

[bdoub1eu]

On which server do I choose replicate now? The one where I made the changes?

 

[bdoub1eu]

Under each server's NTDS, should I have a connection to each of the other DC's?

 

[buddafish]

AD configures replication partners by default ~ "automatically generated". you can, of course, add other servers that you would like to have a replication connection to. i believe it would not matter which server you choose to activate replication FROM , as long as the other servers are in the same site. all DC's in a site will request the most current AD info and adjust as needed. if you are crossing site boundries, then you will need to use "rep-mon" and force the replication across the links, else the transfer of info will go at the next schedualed time.