Should PDC's validate logons? Or just BDC's?

[cwhitesock]

We have a NT 4 PDC, and 3 NT 4 BDC's. I'm not sure if the PDC is supposed to handle logons at all or if the user should just be validated by the BDC's. Right now, our PDC is handling most of the logons. I know the user should be validated by the closest/unbusiest DC. (Unless Lmhosts is involved, witch it is not) So should I do something or just let it go?

 

[Kjonnnn]

You have four domains?

 

[cwhitesock]

No, just 1 domain. 1 PDC on that domain, and 3 BDC's on that domain.

 

[chrmc]

We have the same set up as you cwhitesock, and we have our BDC's handling user authentication and profiles. I don't know how that makes you feel when you hear "If it ain't broke, don't fix it" ;-)

Good luck!

 

[polymath5]

It doesn't matter at all which DC authenticates your users, unless one of the BDC's is accross a WAN. And that's really only a performance issue.

When a client sends out log on request the 1st DC that isn't busy responds and authenticates the user.

The only time this can be a problem is if a BDC isn't synching with the PDC for some reason.


This is a very simplified view of user authentication, but it should be enough to assure you. Hope it helps.

 

[cwhitesock]

OK, Thank you much. I live by and like the "If it sin't broke, don't fix it!" I'll go with that.


Thanks again....

 

[coboldave]

How do you prevent users from authenticating across the WAN? This seems to be a major performance issue for me at the moment. Also, are there other activities, that should be either scheduled to be performed after hours or totally stoppped being done automatically and done manual? I have a PDC and 1 BDC that serves all data files and applications (point C), across the WAN I have a BDC that only serves as a print server and stores some utility type files and applications that I offer to users such Adobe and additional printer drivers.

I currently have a wireless 11 MB Cisco WAN connected between my two sites (point A and C). Since there was not a line of site I had to point both ends to a leased tower (point B) and repeated there by identical equipment. The location at point A is experiencing slower connections by additional frequency noise in the area and very much affecting performance. I need to trim my server side sevices as much as possible to give users more speed.

All advise very much appreciated.

David

 

[polymath5]

Service Pack 4 includes a new utility, SETPRFDC.EXE, which will direct a secure channel client to a preferred list of domain controllers.

The syntax is:

C:\> SETPRFDC <Domain Name> <DC1, DC2, ....., DCn>

SETPRFDC will try each DC in the list in order, until a secure channel is established. If DC1 does not respond, DC2 is tried, and so on. Once you run SETPRFDC on a WinNT 4.0, SP4 computer, the list is remembered until you change it. You can run SETPRFDC in batch, via the scheduler, or even in a logon script (for future logons). Don't forget to undo any LMHOSTS entries you might have set.

Hope this helps.

 

[coboldave]

I am running NT 4.0 SP6a and I do not have that utility. Is this something that might come off of the resource kit?

 

[polymath5]

It is on the Service Pack 4 CD. I also think it's on the TechNet CD's, perhaps the res kit too. I'm not at work so I can't check, I'll do it Monday and post back.