authentication question

  • Thread starter Thread starter chrism
  • Start date Start date
C

chrism

We have two Win2003 Domain Controllers.

How can I tell which one the clients are authenticating to ?

I would like to find out if both are being used to authenticate
and how I might distribute that load amongst both servers.

We have one domain, one site, one subnet.

Thanks,

Chrism.
 
There isn't a quick way to do this. Basically, you need to enable account
logon event auditing and scrape the event log for the appropriate
information.

A sort of so so way to see who has a connection RIGHT NOW to the DC but not
necessarily everyone who is currently logged on the network somewhere who
was authenticated by that DC is to check the current sessions

net sessions

which must be run on the server console (directory or through rcmd/psexec)
or you can use the www.joeware.net tool netsess to do it remotely.
 
Chris,

If you wanted to use what is available to you natively in Windows then you
would have to go to each client and at a command prompt enter set l ( that
is the lower case letter "L" ). This will tell you which DC authenticated
the logon request. Or you could write a logon script that would gather this
information for you....

Probably not a really good way to do things!

You might want to look into the utilities that Laura suggested. Thanks,
Laura. I have never messed around with any of those ( but am familiar with
both web sites... ).

Out of the box, all WIN2000 Domain Controllers have a weight of 0 and a
priority of 100. I presume that this has not changed in WIN2003 ( have not
played with 2003 too much yet...I know, I know! ). So, out of the box
things are pretty evenly distributed. You see, WIN2000 and WIN XP systems
look for a Domain Controller in its Site with the lowest weight. 0 would be
the lowest in this case. Since both have a weight of 0 the next parameter
is the priority. Since both have a priority of 100 things are perfectly
balanced out. You should notice that about 50% of your authentication
requests is handled by 'DC01' and that the other 50% is handled by 'DC02'.

Please take a look at the following two MSKB Articles:

http://support.microsoft.com/?id=247811
http://support.microsoft.com/?id=314861


HTH,

Cary
 
Chris, as previously suggested enable auditing for successful logon events
in Group Policy.
The easiest way I know of to dig thur event messages is with a tool called
Eventcomb.exe
You can obtain this via Microsoft PSS 800 936 4900. Im not sure if it is
availabel on the website.
 
Back
Top