Windows 2000 server domains BDC and PDC
Active Directory, DataCenter, DHCP, DNS, LDAP, Lotus Domino, Microsoft Systems Management Server, Microsoft Windows, Networking services
Hi, this is my first post, so i hope im asking this question properly...
We have a W2k server Primary Domain Controller(PDC) on site and a W2k server Backup Domain Controller(BDC) off site . The majority of our client machines are using the BDC off site to authenticate. I have checked the "Active Directory and Services" and our PDC NTDS properties is set to "Global Catalog server". I am stumped. Any suggestions would be greatly appreciated!! THANKS!!
Software/Hardware used:
Software/Hardware used:
ASKED:
May 12, 2005 1:51 PM
UPDATED:
May 13, 2005 8:16 AM
Answer Wiki:
I'm guessing that logging into the remote site is going slow. You can put a global catalog (GC) at the remote site on the "BDC" to decrease the login time. All of your DCs can be a GC, but you really should only need one per site.
BTW, if you go by Win2k standards, there are no "PDCs" and "BDCs" anymore. There is a PDC emulator that is responsible for authenticating downlevel clients such as win95, win98, etc. However, you cannot log on at all if you don't have a PDC emulator, so, you can effectively say that MS is just twisting words around.
I'm working by memory here, so forgive me if this is not 100% correct. To set the remote site as a GC, go into the Active Directory Sites and Services and under the FirstSiteName/NTDS for the server, select properties and check the "Global Catalog" box.
Happy motoring,
SF
To see all answers submitted to the Answer Wiki: View Answer History.
You should check the Active Directory Sites and Services. You will need to make sure that the network subnets for the local and the remote sites are all defined. Further, you will need to make sure that all of the subnets are assigned to the appropriate domain controller.
When a client machine looks for a domain controller to authenticate against, it reviews the subnet and the assigned site. So say your local subnet is 192.168.1.x and the remote subnet is 10.1.1.x. If there are no subnets in Active Directory Sites and Services, the system will select a random system (actually it goes through a series of checks) in any case it has a good opporunity to select the wrong system. So you need to make sure that 192.168.1.x is assigned to the Default-First-Site-Name and teh 10.1.1.x is assigned to the site that the remote DC is in.
If your users are authenticating against the off site controller then you need to make this a global catalog as well to stop the logon authentications going accross the WAN links.
This is done in the AD sites and services.
Thanks to all!!!, Problem is resolved. There wer no sites defined in AD Sites and Services…
Thanks to all!!!, Problem is resolved. There wer no sites defined in AD Sites and Services…