Announcement

Collapse
No announcement yet.

How to prevent a Domain Controller from Authenticating users?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to prevent a Domain Controller from Authenticating users?

    I want to add the following line to the logon scripts:
    net use i: %logonserver%\apps

    The goal is to make it so that roaming users run their server apps from their local server.

    There are a few sites that have for than 1 windows 2000 domain controller for various resons.

    All sites have only 1 file server.

    How can I make it so that only 1 domain controller per site authenticates users? or is this even possible. Is there a service I can possibly disable?

    thanks

  • #2
    Re: How to prevent a Domain Controller from Authenticating users?

    In each active directory site its recommanded to install DC & GC and set the DC's as DNS. So, if the client get DNS server IP of its local site DC/GC, there no need to change anything.
    In small networks, its recommanded to setup all the DC's as GC's and verify
    correct DNS & IP settings.
    Farther information can be review in:

    http://www.microsoft.com/technet/pro...tep/adsrv.mspx

    Regards,

    Yuval
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

    Comment


    • #3
      Re: How to prevent a Domain Controller from Authenticating users?

      Do you have a common naming convention for the servers ? Do you have any kind of criteria by which you can identify the file server at the local site ?

      I would refrain from altering DCs settings - this just does not look as the appropriate solution for the problem.
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"

      Comment


      • #4
        Re: How to prevent a Domain Controller from Authenticating users?

        Yes there is a common naming convention. In a site with multiple domain controllers, the file server would be named something like SRVBS01 whereas a mail server would be SRVIM01 and a sql server would be SRVDB01.

        I may scrap the whole idea though.

        I tested it out on a site that has only 1 domain controller.

        One user couldnt run her server apps because she had been authenticated by a domain controller at a different site. Because of this, she received an I:\ drive mapping to that remote server.

        I wish I knew of a way to prevent this remote authentication.

        I guess this is related to a thread I had posted in the scripting forum. Its just that no one got back with an example of what the script would look like.

        http://forums.petri.com/showthread.php?t=6572

        Thanks

        Comment


        • #5
          Re: How to prevent a Domain Controller from Authenticating users?

          Any chance that the server name has the site name in it ?
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"

          Comment


          • #6
            Re: How to prevent a Domain Controller from Authenticating users?

            each server name begins with a 3 character city code

            so if there are 3 servers in the san diego site for example, they all start with SAN

            SAN is not neccessarily the name of the site as it pertains to active directory sites and services however.
            Last edited by armstrongtj; 19th March 2006, 10:13.

            Comment

            Working...
            X