Forcing Active Directory traffic through Specific NIC?

 
 
Jane Smith
Guest
Posts: n/a

 
      08-11-2005, 09:19 PM
Hi,

Is it possible if a machine is a member of a domain and has 2 network cards
to force any AD traffic such as user authentication to go through only one
of the cards? Maybe this could be done by making sure the domain controllers
only register DNS records that are on that card's network?

Thanks - Jane.


 
 
 
 
 
keith
Guest
Posts: n/a

 
      08-12-2005, 12:48 PM
Hi Jane

I don't know how this could be done other than with some traffic shaping
device.

The other thing is, why do you want to do this??

Cheers
Keith


"Jane Smith" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> Is it possible if a machine is a member of a domain and has 2 network
> cards to force any AD traffic such as user authentication to go through
> only one of the cards? Maybe this could be done by making sure the domain
> controllers only register DNS records that are on that card's network?
>
> Thanks - Jane.
>



 
 
Jane Smith
Guest
Posts: n/a

 
      08-12-2005, 01:15 PM
Hi Keith,

I wanted to have traffic going through a separate NIC for performance
reasons - so that the traffic load is distributed.

Thanks.


"keith" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Jane
>
> I don't know how this could be done other than with some traffic shaping
> device.
>
> The other thing is, why do you want to do this??
>
> Cheers
> Keith
>
>
> "Jane Smith" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi,
>>
>> Is it possible if a machine is a member of a domain and has 2 network
>> cards to force any AD traffic such as user authentication to go through
>> only one of the cards? Maybe this could be done by making sure the domain
>> controllers only register DNS records that are on that card's network?
>>
>> Thanks - Jane.
>>

>
>



 
 
Todd J Heron
Guest
Posts: n/a

 
      08-12-2005, 01:26 PM
Multi-homed DCs do not function very well without a LOT of tweaking. If
anything, I would team those two NICs and configure them for load-balancing
plus adapter fault tolerance in the team properties so if one dies the other
will resume the work. This is not a feature of Windows, but one provided by
some NIC manufacturers (Intel, Broadcom, etc.).

The top 3 problems experienced when a domain controller is multihomed:

1) Quoted from http://www.ChicagoTech.net:
Master Browsing issue on Multihomed DC
Browsing and/or NetBIOS name
resolution problems, such as failing to find the browse list (no computers,
or only some computers visible under 'My Network Places', frequent browser
elections, or browsing limited to the local segment). This is because "each
browser service bounds to each interface operates independently and does not
merge the browse list for separate networks. The master browser is
confused."

Symptoms of Multihomed Browsers:
http://support.microsoft.com/default...b;EN-US;191611

Information on Browser Operation:
http://support.microsoft.com/?id=102878

2) If you are using Dynamic DNS, similar problems can occur to clients which
use DNS primarily, because the DC will register in DNS with different IP
addresses.

Active Directory Communication Fails on Multihomed Domain Controllers:
http://support.microsoft.com/default...b;en-us;272294

3) Using a DC as a remote access (RRAS) server can also cause problems,
because the DC becomes multihomed as soon as a remote client connects (when
the server acquires a second IP for its RAS or VPN interface).

Routing and Remote Access IP Addresses Register in DNS:
http://support.microsoft.com/default.aspx/kb/289735?

Name resolution and connectivity issues on a Routing and Remote Access
Server that also runs DNS or WINS:
http://support.microsoft.com/default.aspx/kb/292822?

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
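
An added example, not part of the original post: a small audit for problem 2 above, checking whether each domain controller's registered A records stay on the one network clients are meant to use. The DC names, addresses and subnet are constructed for illustration.

```python
import ipaddress
import socket
import sys

def resolve_a_records(hostname):
    """Return the IPv4 addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def audit_dc_registrations(records, ad_subnet):
    """Flag DCs whose registered A records are not confined to ad_subnet.

    records maps a DC name to the list of IPv4 addresses registered for it.
    Returns {dc: {"inside": [...], "outside": [...]}} for problem DCs only.
    """
    net = ipaddress.ip_network(ad_subnet)
    findings = {}
    for dc, addrs in records.items():
        ips = sorted(ipaddress.ip_address(a) for a in addrs)
        inside = [str(ip) for ip in ips if ip in net]
        outside = [str(ip) for ip in ips if ip not in net]
        # A problem is either an extra address clients may be handed, or no
        # address at all on the network clients are supposed to use.
        if outside or not inside:
            findings[dc] = {"inside": inside, "outside": outside}
    return findings

# Constructed sample data: names, addresses and subnet are illustrative only.
SAMPLE_SUBNET = "10.10.0.0/24"
SAMPLE_RECORDS = {
    "dc1.corp.example": ["10.10.0.5"],                   # single-homed
    "dc2.corp.example": ["10.10.0.6", "192.168.50.6"],   # second NIC registered
    "dc3.corp.example": ["172.16.9.1"],                  # only the wrong NIC
}

if __name__ == "__main__":
    # Usage: script.py <subnet> <dc-name> [...]; with no arguments, use the sample.
    if len(sys.argv) > 2:
        subnet = sys.argv[1]
        records = {h: resolve_a_records(h) for h in sys.argv[2:]}
    else:
        subnet, records = SAMPLE_SUBNET, SAMPLE_RECORDS
    for dc, f in audit_dc_registrations(records, subnet).items():
        print(f"{dc}: outside {subnet}: {f['outside']}, inside: {f['inside']}")
```
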

 
 
Jane Smith
Guest
Posts: n/a

 
      08-12-2005, 05:39 PM
Hi Todd,

Thanks for the reply. A lot of the articles refer to Windows 2000 (my
servers are 2003) - I'm assuming that the articles are still relevant?

Thanks.


"Todd J Heron" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Multi-homed DCs do not function very well without a LOT of tweaking. If
> anything, I would team those two NICs and configure them for
> load-balancing
> plus adapter fault tolerance in the team properties so if one dies the
> other
> will resume the work. This is not a feature of Windows, but one provided
> by
> some NIC manufacturers (Intel, Broadcom, etc.).
>
> The top 3 problems experienced when a domain controller is multihomed:
>
> 1) Quoted from http://www.ChicagoTech.net:
> Master Browsing issue on Multihomed DC
> Browsing and/or NetBIOS name
> resolution problems, such as failing to find the browse list (no
> computers,
> or only some computers visible under 'My Network Places', frequent browser
> elections, or browsing limited to the local segment). This is because
> "each
> browser service bounds to each interface operates independently and does
> not
> merge the browse list for separate networks. The master browser is
> confused."
>
> Symptoms of Multihomed Browsers:
> http://support.microsoft.com/default...b;EN-US;191611
>
> Information on Browser Operation:
> http://support.microsoft.com/?id=102878
>
> 2) If you are using Dynamic DNS, similar problems can occur to clients
> which
> use DNS primarily, because the DC will register in DNS with different IP
> addresses.
>
> Active Directory Communication Fails on Multihomed Domain Controllers:
> http://support.microsoft.com/default...b;en-us;272294
>
> 3) Using a DC as a remote access (RRAS) server can also cause problems,
> because the DC becomes multihomed as soon as a remote client connects
> (when
> the server acquires a second IP for its RAS or VPN interface).
>
> Routing and Remote Access IP Addresses Register in DNS:
> http://support.microsoft.com/default.aspx/kb/289735?
>
> Name resolution and connectivity issues on a Routing and Remote Access
> Server that also runs DNS or WINS:
> http://support.microsoft.com/default.aspx/kb/292822?
>
> --
> Todd J Heron, MCSE
> Windows Server 2003/2000/NT; CCA
> ----------------------------------------------------------------------------
> This posting is provided "as is" with no warranties and confers no rights
>



 
 
Todd J Heron
Guest
Posts: n/a

 
      08-12-2005, 07:22 PM
"Jane Smith" <(E-Mail Removed)> wrote...
>Hi Todd,


>Thanks for the reply. A lot of the articles refer to Windows 2000 (my
>servers are 2003) - I'm assuming that the articles are still relevant?


Yes.

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

 
 
keith
Guest
Posts: n/a

 
      08-13-2005, 12:52 AM
Hi Jane

I think Todd has supplied you with enough info to avoid going down that path


Also, and as Todd said as well, if you are running a server with NIC teaming
e.g. HP servers, this should provide you with more than enough performance
and if you don't already have Gigabit switches this might be a better
option?

Cheers
Keith


"Jane Smith" <(E-Mail Removed)> wrote in message
news:esvir$(E-Mail Removed)...
> Hi Keith,
>
> I wanted to have traffic going through a separate NIC for performance
> reasons - so that the traffic load is distributed.
>
> Thanks.
>
>
> "keith" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi Jane
>>
>> I don't know how this could be done other than with some traffic shaping
>> device.
>>
>> The other thing is, why do you want to do this??
>>
>> Cheers
>> Keith
>>
>>
>> "Jane Smith" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Hi,
>>>
>>> Is it possible if a machine is a member of a domain and has 2 network
>>> cards to force any AD traffic such as user authentication to go through
>>> only one of the cards? Maybe this could be done by making sure the
>>> domain controllers only register DNS records that are on that card's
>>> network?
>>>
>>> Thanks - Jane.
>>>

>>
>>

>
>



 
 
 
 