Ok guys here is my issue…
We have 4 sites and each one has its own Ad server and each site has its own IP range i.e. Site1 192.168.10.X, Site 2 192.168.20.X and so on. They are all on the same subnet of 255.255.255.0.
All the sites are linked via a VPN Tunnel and are setup to replicate changes to each other ever hour, Site 1 being the Global catalogue and Primary server.
Now the problem I seem to be getting is that when a user logs on at one of the sites (other than Site 1) they seem to be getting authenticated by the primary Ad server rather than there local Ad server.

Hope all that makes sense! Any ideas what is going wrong?? Or is this how Ad works??

Thanks in advance

Simon

 

AFAIK, it's the GC that needs to be contacted during the authentication process. You could just make each of the AD server's GC server's too.

Exchange will need a GC to query the AD using LDAP, so it makes sense to keep a local server configured as a GC rather than it having to send queries across a slower VPN link. Just something to remember if you use Exchange.

Stefan

 

Stefan is right, each site should have a GC. When you log on to AD the GC is contacted for details.

 

Cheers guys I will set the other servers to GC's then.
Unfortunatly we use notes/domino here so the Exchange part I don't have to worry about !

Simon