logging on domain

  • Thread starter Thread starter mostarx
  • Start date Start date
M

mostarx

Hi

Again me with problem about Active Directory. Now i have question abot
logging users on domain. So is thare any way that user logon on domain
on specific DC. Problem is that I have one DC which do not have
replication with other DC in last four month. I can not replace him
yet so if some user log on domain via that DC that is problem.
Can I solve problem with AD site.
Doas user in specific site log on domain via DC in that site.

Thank you
 
mostarx said:
Hi

Again me with problem about Active Directory. Now i have question abot
logging users on domain. So is thare any way that user logon on domain
on specific DC. Problem is that I have one DC which do not have
replication with other DC in last four month.
Click to expand...

There are ways to approximate this but if the DC is not online it won't
be used by any client so just take it offline or DCPromo it to non-DC.

Also if he is not online, just delete his DNS
records (the DC cannot re-add them until it comes back online.)

I can not replace him
yet so if some user log on domain via that DC that is problem.
Click to expand...

If it is not working as a DC it really should be DCPromo'd -- what
possible reason is there for a running DC not to replicate for 3 months?

Also note that this DC is now past the default "tombstone lifetime" for
removing deleted objects from AD -- he will be difficult to EVER
replicate.

Can I solve problem with AD site.
Click to expand...

Not precisely, but you can (strongly) encourage the clients to avoid
this DC -- however, the DC must replicate to realize it is in another
zone (and stop registering itself with DNS as in the current site.)
Doas user in specific site log on domain via DC in that site.
Click to expand...

Generally, yes but a client will fail over to other DCs if none is
available locally.
 
Im not sure what you're trying to achieve with a 4month out of cycle DC
(4 month old backup maybe?) But, if you do need to keep this puppy up
and running, I would use Sites and Services to make this guy quite a
few hops out, so the client shouldn't choose it unless the other DCs
are down. Of course, if the client currently has a secure channel
setup with this DC, you will need to reset it, or simply reboot the PC.

Matt
 
Back
Top