Forcing authentication to a specific DC

[sharyn]

Hi,

I have 5 remotes sites, and my main site here. Each remote site has a DC that users at that site authenticate to when they log onto the domain.

Due to a password policy change, I need to force all my users to change their password, a site at a time, at the next logon. However, I don't want them authenticating with their local DC, I want them to authenticate at the main site, due to replication latency, citrix servers and a firewall that uses account credentials from the main site here.

If I disable the netlogon service, on their local DC's, I am assuming their authentication request will go elsewhere. In the past, I have noticed that when a certain site's server is down, users authenticate with whichever DC nabs their request first.

I don't want this happening. I want to ensure that they do not authenticate with their local DC AND they *do* auth with my DC here.

Is this possible?

If it is, how do I accomplish this?

Thanks,
Sharyn

 

[loganking]

Well, you could always move the remote users to the central site in sites and services, and have them reboot. That way they will(or should) authenicate with your central location.

 

[sharyn]

Actually, you gave me a good idea...

Will this work?

EAch remote site is configured with its own subnet block of IP addresses. EAch subnet block is mapped to a site in sites and services.

If I temporarily took the subnet block from the remote site, and put it in the main site, then, in theory, all machines with IP addresses in that subnet should look to the main's site DC to auth. I have been poking around in the subnet folder under sites and services. There *is* a dropdown box where you can just take a subnet and put it a different site. This would be majorly simple if it works.

Right?

 

[TechyLike]

Sounds good!