
Win 2k Offsite Domain Controller / prevent user authentication

Status
Not open for further replies.

peteway (MIS, US)
Jun 9, 2003
I have a site that is geographically distant from our corporate/headquarters location. I want to deploy a domain controller to it but prevent users from authenticating to it. If I don't set it up as a global catalog server, will that take care of it or will I need to do more?
I can, if necessary, put it on a secondary subnet at that site.
The reason for this is that I want to replicate only at night for DR reasons, the bandwidth is limited, and there are only a small number of users at that site.
I just want this domain controller to be a 'backup' in case we need it; it will serve no other function other than having a working copy of the Active Directory database on it.
 
Put it on the secondary subnet. Then, in AD Sites and Services, create a new site and place just this DC inside it. This will have the effect of making workstations communicate with it only in the event of all other DCs in the local site being down.
 
That's what I was thinking. What about the global catalog thing? I am pretty sure that a user workstation must contact a GC server in order to log on. You think I should do that as well?

How does the workstation determine which site to choose a domain controller from for authentication?
 
You should have at least one GC per site as a rule, and usually more depending on your user load. As for the site thing, each workstation determines what site it belongs to as part of its boot process. It then uses DNS to find DCs in its site and uses those for authentication.
 
I understand that I should have a GC at each site for logon purposes, but the thing is... I don't want people to be able to use the DC in that site to log on.

Currently this remote site has no DC and they authenticate over the WAN. Once I create another site (currently we only have one), how will the workstation choose which site to log on through?
I.e., I will have site A and site B with DCs at each.
I have a WAN office which is neither A nor B; how do I control which site they contact DCs in to authenticate?
 
You create sites by subnet; that's why I told you to put this DC on a separate subnet from your main office. Once the site is created, if you have some workstations on the same subnet as the new DC/site and some not, you can add other subnets into the config if needed, which tells the workstations what site they belong to. That's also how you'd add the WAN office in...
 
Ok, I'll give it a shot.

Thanks for your help.
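
The subnet-to-site mapping discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of how a client address resolves to a site and which DCs it looks up first. Site names, DC names and address ranges are hypothetical, and the model assumes most-specific subnet matching and that a client in no defined subnet can be handed any DC in the domain.

```python
import ipaddress

# Constructed subnet-to-site table, as it would be defined in AD Sites and Services.
# All names and ranges below are hypothetical sample values.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "HQ",
    "10.1.250.0/24": "DR-Site",  # secondary subnet holding only the backup DC
    "10.2.0.0/24": "HQ",         # WAN office mapped to HQ so it keeps using HQ DCs
}

# Constructed DC inventory: DC name -> site it is placed in.
DC_SITES = {"HQDC1": "HQ", "HQDC2": "HQ", "DRDC1": "DR-Site"}


def site_for_ip(ip, subnets=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def candidate_dcs(ip, subnets=SUBNET_TO_SITE, dcs=DC_SITES):
    """DCs a client looks up first: the ones registered in its own site.

    A client whose subnet is not mapped to any site has no site-specific
    records to query, so in this model every DC is a candidate.
    """
    site = site_for_ip(ip, subnets)
    if site is None:
        return sorted(dcs)
    return sorted(name for name, s in dcs.items() if s == site)


def clients_reaching(dc_name, client_ips):
    """Audit helper: which clients have dc_name among their first-choice DCs?"""
    return [ip for ip in client_ips if dc_name in candidate_dcs(ip)]


if __name__ == "__main__":
    sample = ["10.1.5.20", "10.2.0.15", "192.168.9.4", "10.1.250.10"]
    for ip in sample:
        print(ip, site_for_ip(ip), candidate_dcs(ip))
    print("Clients that may authenticate to DRDC1:", clients_reaching("DRDC1", sample))
```

The unmapped address (192.168.9.4) is the case to check for before deploying: any client subnet missing from the site configuration can end up authenticating against the backup DC.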
 