Which Domain Controller is doing the authenticating?

Enviroment = Windows 2003 Active Directory

Having multiple, DC's how can I find out which DC authenticated certain
clients?
How can I configure clients to be authenticated by specific DC's?

Hi,

You can run following command on your server...

echo %logonserver%

and it will tell you which server authenticated you.

If computers are in different subnets - you could implement Sites and force
clients to try and connect to nearest DC first (nearest DC would be one in
same subnet (Site)).

--
Mike
Microsoft MVP - Windows Security

"vidro" <(E-Mail Removed)> wrote in message
news:07CF12D1-7224-4426-8B89-(E-Mail Removed)...
> Enviroment = Windows 2003 Active Directory
>
> Having multiple, DC's how can I find out which DC authenticated certain
> clients?
> How can I configure clients to be authenticated by specific DC's?

How to force to specific DC if there is no sub-nets?

"Miha Pihler [MVP]" wrote:

> Hi,
>
> You can run following command on your server...
>
> echo %logonserver%
>
> and it will tell you which server authenticated you.
>
> If computers are in different subnets - you could implement Sites and force
> clients to try and connect to nearest DC first (nearest DC would be one in
> same subnet (Site)).
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "vidro" <(E-Mail Removed)> wrote in message
> news:07CF12D1-7224-4426-8B89-(E-Mail Removed)...
> > Enviroment = Windows 2003 Active Directory
> >
> > Having multiple, DC's how can I find out which DC authenticated certain
> > clients?
> > How can I configure clients to be authenticated by specific DC's?
>
>
>

You can't. Client will use DNS to locate a DCs.

--
Mike
Microsoft MVP - Windows Security

"vidro" <(E-Mail Removed)> wrote in message
news:F5465008-ECDE-4DB5-9591-(E-Mail Removed)...
> How to force to specific DC if there is no sub-nets?
>
> "Miha Pihler [MVP]" wrote:
>
>> Hi,
>>
>> You can run following command on your server...
>>
>> echo %logonserver%
>>
>> and it will tell you which server authenticated you.
>>
>> If computers are in different subnets - you could implement Sites and
>> force
>> clients to try and connect to nearest DC first (nearest DC would be one
>> in
>> same subnet (Site)).
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "vidro" <(E-Mail Removed)> wrote in message
>> news:07CF12D1-7224-4426-8B89-(E-Mail Removed)...
>> > Enviroment = Windows 2003 Active Directory
>> >
>> > Having multiple, DC's how can I find out which DC authenticated
>> > certain
>> > clients?
>> > How can I configure clients to be authenticated by specific DC's?
>>
>>
>>

Why would you want to? Multiple DCs are fault tolerant. Do you really
want to deal wth the CEO not being able to logon because his DC is down
while everybody around is working?????

"Miha Pihler [MVP]" <mihap-(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> You can't. Client will use DNS to locate a DCs.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "vidro" <(E-Mail Removed)> wrote in message
> news:F5465008-ECDE-4DB5-9591-(E-Mail Removed)...
>> How to force to specific DC if there is no sub-nets?
>>
>> "Miha Pihler [MVP]" wrote:
>>
>>> Hi,
>>>
>>> You can run following command on your server...
>>>
>>> echo %logonserver%
>>>
>>> and it will tell you which server authenticated you.
>>>
>>> If computers are in different subnets - you could implement Sites
>>> and force
>>> clients to try and connect to nearest DC first (nearest DC would be
>>> one in
>>> same subnet (Site)).
>>>
>>> --
>>> Mike
>>> Microsoft MVP - Windows Security
>>>
>>> "vidro" <(E-Mail Removed)> wrote in message
>>> news:07CF12D1-7224-4426-8B89-(E-Mail Removed)...
>>> > Enviroment = Windows 2003 Active Directory
>>> >
>>> > Having multiple, DC's how can I find out which DC authenticated
>>> > certain
>>> > clients?
>>> > How can I configure clients to be authenticated by specific DC's?
>>>
>>>
>>>
>
>
>

So if you have 2 or 3 DC's on the same subnet the distinguishing factor for
a preferred authentication server would be what?
If the answer for the previous question is "The closest" what would be the
discerning value for "closest" ?
I guess I'm asking if physically a DC is 10 feet from a client is it
possible that a DC 100yrds away could be doing the authentication for that
client?



"Miha Pihler [MVP]" wrote:

> Hi,
>
> You can run following command on your server...
>
> echo %logonserver%
>
> and it will tell you which server authenticated you.
>
> If computers are in different subnets - you could implement Sites and force
> clients to try and connect to nearest DC first (nearest DC would be one in
> same subnet (Site)).
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "vidro" <(E-Mail Removed)> wrote in message
> news:07CF12D1-7224-4426-8B89-(E-Mail Removed)...
> > Enviroment = Windows 2003 Active Directory
> >
> > Having multiple, DC's how can I find out which DC authenticated certain
> > clients?
> > How can I configure clients to be authenticated by specific DC's?
>
>
>

Closest would mean in the same subnet. You can have e.g. different locations
(even flours) in different subnet.

Yes, DC that is 100 yards away might be at times better authentication
server then the one 10 feet away. When? When that server 10 feet away is
overloaded with other requests and would take it 30 seconds to process
client's response while server 100 yards away will do it in only 5...

--
Mike
Microsoft MVP - Windows Security

"vidro" <(E-Mail Removed)> wrote in message
news:56C4FAB2-5739-4E9C-AE68-(E-Mail Removed)...
> So if you have 2 or 3 DC's on the same subnet the distinguishing factor
> for
> a preferred authentication server would be what?
> If the answer for the previous question is "The closest" what would be the
> discerning value for "closest" ?
> I guess I'm asking if physically a DC is 10 feet from a client is it
> possible that a DC 100yrds away could be doing the authentication for that
> client?
>
>
>
> "Miha Pihler [MVP]" wrote:
>
>> Hi,
>>
>> You can run following command on your server...
>>
>> echo %logonserver%
>>
>> and it will tell you which server authenticated you.
>>
>> If computers are in different subnets - you could implement Sites and
>> force
>> clients to try and connect to nearest DC first (nearest DC would be one
>> in
>> same subnet (Site)).
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "vidro" <(E-Mail Removed)> wrote in message
>> news:07CF12D1-7224-4426-8B89-(E-Mail Removed)...
>> > Enviroment = Windows 2003 Active Directory
>> >
>> > Having multiple, DC's how can I find out which DC authenticated
>> > certain
>> > clients?
>> > How can I configure clients to be authenticated by specific DC's?
>>
>>
>>

Asher,
these are just question that I feel could help me trouble shoot some issues
that I'm dealing with.
But your thinking has a 2 edge sword, if the CEO keeps being authenticated
by the slower DC than there is an appearance that there is a problem and
possibly so.
If I can point him to the faster server till the problem with the slower DC
is solved than things aren't as gloomy as you elude to.

"Asher_N" wrote:

> Why would you want to? Multiple DCs are fault tolerant. Do you really
> want to deal wth the CEO not being able to logon because his DC is down
> while everybody around is working?????
>
> "Miha Pihler [MVP]" <mihap-(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
> > You can't. Client will use DNS to locate a DCs.
> >
> > --
> > Mike
> > Microsoft MVP - Windows Security
> >
> > "vidro" <(E-Mail Removed)> wrote in message
> > news:F5465008-ECDE-4DB5-9591-(E-Mail Removed)...
> >> How to force to specific DC if there is no sub-nets?
> >>
> >> "Miha Pihler [MVP]" wrote:
> >>
> >>> Hi,
> >>>
> >>> You can run following command on your server...
> >>>
> >>> echo %logonserver%
> >>>
> >>> and it will tell you which server authenticated you.
> >>>
> >>> If computers are in different subnets - you could implement Sites
> >>> and force
> >>> clients to try and connect to nearest DC first (nearest DC would be
> >>> one in
> >>> same subnet (Site)).
> >>>
> >>> --
> >>> Mike
> >>> Microsoft MVP - Windows Security
> >>>
> >>> "vidro" <(E-Mail Removed)> wrote in message
> >>> news:07CF12D1-7224-4426-8B89-(E-Mail Removed)...
> >>> > Enviroment = Windows 2003 Active Directory
> >>> >
> >>> > Having multiple, DC's how can I find out which DC authenticated
> >>> > certain
> >>> > clients?
> >>> > How can I configure clients to be authenticated by specific DC's?
> >>>
> >>>
> >>>
> >
> >
> >
>
>

"vidro" wrote:

>
> Asher,
> these are just question that I feel could help me trouble shoot some issues
> that I'm dealing with.
> But your thinking is a 2 edge sword. If the CEO keeps being authenticated
> by the slower DC than there is an appearance that there is a problem and
> possibly so.
> If I can point him to the faster server till the problem with the slower DC
> is solved than things aren't as gloomy as you elude to.
>
> "Asher_N" wrote:
>
> > Why would you want to? Multiple DCs are fault tolerant. Do you really
> > want to deal wth the CEO not being able to logon because his DC is down
> > while everybody around is working?????
> >
> > "Miha Pihler [MVP]" <mihap-(E-Mail Removed)> wrote in
> > news:(E-Mail Removed):
> >
> > > You can't. Client will use DNS to locate a DCs.
> > >
> > > --
> > > Mike
> > > Microsoft MVP - Windows Security
> > >
> > > "vidro" <(E-Mail Removed)> wrote in message
> > > news:F5465008-ECDE-4DB5-9591-(E-Mail Removed)...
> > >> How to force to specific DC if there is no sub-nets?
> > >>
> > >> "Miha Pihler [MVP]" wrote:
> > >>
> > >>> Hi,
> > >>>
> > >>> You can run following command on your server...
> > >>>
> > >>> echo %logonserver%
> > >>>
> > >>> and it will tell you which server authenticated you.
> > >>>
> > >>> If computers are in different subnets - you could implement Sites
> > >>> and force
> > >>> clients to try and connect to nearest DC first (nearest DC would be
> > >>> one in
> > >>> same subnet (Site)).
> > >>>
> > >>> --
> > >>> Mike
> > >>> Microsoft MVP - Windows Security
> > >>>
> > >>> "vidro" <(E-Mail Removed)> wrote in message
> > >>> news:07CF12D1-7224-4426-8B89-(E-Mail Removed)...
> > >>> > Enviroment = Windows 2003 Active Directory
> > >>> >
> > >>> > Having multiple, DC's how can I find out which DC authenticated
> > >>> > certain
> > >>> > clients?
> > >>> > How can I configure clients to be authenticated by specific DC's?
> > >>>
> > >>>
> > >>>
> > >
> > >
> > >
> >
> >

Why is one of the servers slower? Hardware or ?

--
Mike
Microsoft MVP - Windows Security

"vidro" <(E-Mail Removed)> wrote in message
news:1DA9FD7A-5A7E-436C-AB90-(E-Mail Removed)...
>
> Asher,
> these are just question that I feel could help me trouble shoot some
> issues
> that I'm dealing with.
> But your thinking has a 2 edge sword, if the CEO keeps being authenticated
> by the slower DC than there is an appearance that there is a problem and
> possibly so.
> If I can point him to the faster server till the problem with the slower
> DC
> is solved than things aren't as gloomy as you elude to.
>
> "Asher_N" wrote:
>
>> Why would you want to? Multiple DCs are fault tolerant. Do you really
>> want to deal wth the CEO not being able to logon because his DC is down
>> while everybody around is working?????
>>
>> "Miha Pihler [MVP]" <mihap-(E-Mail Removed)> wrote in
>> news:(E-Mail Removed):
>>
>> > You can't. Client will use DNS to locate a DCs.
>> >
>> > --
>> > Mike
>> > Microsoft MVP - Windows Security
>> >
>> > "vidro" <(E-Mail Removed)> wrote in message
>> > news:F5465008-ECDE-4DB5-9591-(E-Mail Removed)...
>> >> How to force to specific DC if there is no sub-nets?
>> >>
>> >> "Miha Pihler [MVP]" wrote:
>> >>
>> >>> Hi,
>> >>>
>> >>> You can run following command on your server...
>> >>>
>> >>> echo %logonserver%
>> >>>
>> >>> and it will tell you which server authenticated you.
>> >>>
>> >>> If computers are in different subnets - you could implement Sites
>> >>> and force
>> >>> clients to try and connect to nearest DC first (nearest DC would be
>> >>> one in
>> >>> same subnet (Site)).
>> >>>
>> >>> --
>> >>> Mike
>> >>> Microsoft MVP - Windows Security
>> >>>
>> >>> "vidro" <(E-Mail Removed)> wrote in message
>> >>> news:07CF12D1-7224-4426-8B89-(E-Mail Removed)...
>> >>> > Enviroment = Windows 2003 Active Directory
>> >>> >
>> >>> > Having multiple, DC's how can I find out which DC authenticated
>> >>> > certain
>> >>> > clients?
>> >>> > How can I configure clients to be authenticated by specific DC's?
>> >>>
>> >>>
>> >>>
>> >
>> >
>> >
>>
>>