AD location caching winXP

  • Thread starter Thread starter Bill-Bob
  • Start date Start date
B

Bill-Bob

Having a problem with an XP workstation where it seems to
be remembering the last site that it was on. The scenario
is where a laptop roaming user moves from office to
office. When he powers up at the new office he logs in and
it uses the AD location from the last site he was on. In
the reg it shows the correct information but using the set
command it is incorrect.
 
Bill-Bob,

The way that things are supposed to work is as follows:

UserA logs into the domain with his user name and password using his laptop.
He is currently in SiteA ( his home Site ). To make a long story short (
please see the following MSKB Article on how WINXP Pro finds a Domain
Controller: http://support.microsoft.com/?id=314861 ) the computer will
look for a Domain Controller in its Site ( based on IP Address ) first and,
if it does not find any, then for any Domain Controller ( and there are a
couple of things that can limit what "any other Domain Controller' means ).
So, it finds a Domain Controller that is located in the same Site and is
authenticated against that Domain Controller. If you run the set command
( or just the set l command ) you will see that DC001 is designated as the
logon server. This is good!

Now, userA is on the move and goes to one of the other offices ( let's call
it SiteB ). The way that it is supposed to work is that the computer has
the 'old' DC stored in the registry. It contacts that specific DC ( the one
from SiteA ) but the DC in SiteA is supposed to respond, and I will
paraphrase, that it is no longer the best DC and that it should try these!
So, the laptop is going to try the DCs in SiteB - or whatever DC001 gives
it. Let's say that DC010 responds to the authentication request. If you
run the set command you should now see that DC010 is the designated logon
server.

Well, userA is on the road, again! He is in the office in SiteC. He plugs
in the network cable and attempts to log on. This time the laptop has DC010
in the registry. So, it contacts that Domain Controller. Well, DC010 is no
longer the best DC. So, it let's the laptop know that it should try these
DCs. So, it does and DC021 responds to the request for authentication.

You see the pattern here.

Does this help you?

Cary
 
Back
Top