Friday, April 13, 2012 1:31 PM
We had one server (a) which was our main DC, we've not changed that to another server (b) and set server a as a backup DC. Now for some reason server a is still kicking in for some people, and I'm worried that if we take it down, it'll cause all sorts of problems for those users - is there any way to make sure all users use server b, which is the main DC?
Friday, April 13, 2012 1:36 PM
If you have Active Directory-integrated DNS, then please point all client PCs to use Server B as the DNS server. Also please note that you will have to transfer the FSMO roles from Server A to Server B and then shut down Server A to check that the users are not having any issues; then you may slowly demote Server A.
Friday, April 13, 2012 2:58 PM
There is no supported way to force users to authenticate against a particular DC.
Do you plan to retire your old server A? If yes, you would need to ensure the following things:
- AD replication between the 2 DC's is active/up to date - article http://support.microsoft.com/kb/229896
- Transfer the FSMO roles to the new DC - article http://support.microsoft.com/kb/255504
- Make server B a global catalog (GC) – article http://support.microsoft.com/kb/296882
- Make sure you have an alternate DNS server (in your case server B) and all machines point to it.
After all of this has been done, shut down server A and test if users face any issues. If not, you can demote the old DC or keep it as a backup ADC (recommended).
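The checklist in the post above can be verified with read-only queries before server A is shut down. The following is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module (RSAT) and the DnsClient cmdlets are available, and `SERVERB` and `192.0.2.10` are placeholders for the new DC's name and IP address.

```powershell
# Added example: read-only pre-retirement checks for the new DC.
# Assumptions: RSAT ActiveDirectory module installed; values below are placeholders.
Import-Module ActiveDirectory

$NewDC   = 'SERVERB'       # placeholder: host name of the new DC
$NewDCIP = '192.0.2.10'    # placeholder: IP address of the new DC

# 1. Replication: any inbound partner with consecutive failures is a blocker.
$replFailures = @(Get-ADReplicationPartnerMetadata -Target $NewDC -Scope Server |
    Where-Object { $_.ConsecutiveReplicationFailures -gt 0 })

# 2. FSMO roles: all five must be held by the new DC (values are FQDNs).
$domain = Get-ADDomain
$forest = Get-ADForest
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$rolesElsewhere = @($roles.GetEnumerator() |
    Where-Object { $_.Value -notlike "$NewDC.*" })

# 3. Global catalog: the new DC must be a GC before the old one goes away.
$isGC = (Get-ADDomainController -Identity $NewDC).IsGlobalCatalog

# 4. DNS on this machine: the new DC should be the first resolver on every
#    adapter that has IPv4 DNS servers configured.
$dnsWrong = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses -and $_.ServerAddresses[0] -ne $NewDCIP })

# 5. Which DC the locator currently returns for this machine (informational).
nltest /dsgetdc:$($domain.DNSRoot)

# Summary: every value should be True before server A is shut down for testing.
[pscustomobject]@{
    ReplicationHealthy = ($replFailures.Count -eq 0)
    AllFsmoOnNewDC     = ($rolesElsewhere.Count -eq 0)
    NewDCIsGC          = [bool]$isGC
    DnsPointsToNewDC   = ($dnsWrong.Count -eq 0)
}

# Show what still needs attention.
$rolesElsewhere | ForEach-Object { "Role $($_.Key) is still on $($_.Value)" }
$dnsWrong | ForEach-Object { "Adapter $($_.InterfaceAlias) uses $($_.ServerAddresses -join ', ')" }
```

Check 4 only inspects the machine the script runs on, so run it on a sample of clients as well as on both DCs.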
Sunday, April 15, 2012 3:51 PM
It is best practice to have 2 DC's, you should keep them both if these are the only 2 in your domain.
It sounds like the users are using both DC's, as per design - users will discover both the DC's based on the site they are in. If you don't want your users to find this DC automatically, but still want it to be available online, create a new site in Active Directory sites and services and move this DC to that site. Clients will discover the DC in their own site and use that by default. If it becomes unavailable for any reason they will automatically discover the 2nd DC and use that instead.
Hope this helps.
Monday, April 16, 2012 6:09 AM
Does "kicking in" mean your users/machines use the older one to authenticate? Are the clients reconfigured to use the new DNS on the NIC?
Then this is normal and nothing to worry about. See here about DCLocator and how it works, especially about the stickiness http://www.frickelsoft.net/blog/?p=278
Please post also an unedited ipconfig /all from the new and old DC/DNS server and a client.
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
- Marked As Answer by K_evin Zhu (Microsoft Contingent Staff, Moderator), Wednesday, April 18, 2012 1:36 AM
Wednesday, April 18, 2012 1:35 AM (Moderator)
As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
TechNet Community Support