none
Conditions that make active dirctory user authenticate from additional Domain

    Question

  • Hii All i hope i can find answer for this :

    i have two additional domains in my environment i detect that some users authenticate from the additional domain not from the primary domain could i know why???? and already both of them up and running

    Thursday, April 13, 2017 1:44 PM

Answers

  • Hi,

    Check your DNS settings of client machine and provide correct DNS IP address of desired domain controller in TCP/IPv4 properties. Execute this command also on client machine to check its authentication DC server.

    nltest /dsgetdc:<domain>

    Thank you,

    Karim




    Tuesday, April 18, 2017 11:26 AM

All replies

  • Do you have additional UPN suffixes for those users ?
    Thursday, April 13, 2017 6:27 PM
  • Hi,
    Alternatively, you could force client to validate its logon against a specific domain controller, please refer to the following article to have a try:
    http://windowsitpro.com/windows-server/q-how-can-i-force-client-validate-its-logon-against-specific-domain-controller
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, April 14, 2017 8:32 AM
    Moderator
  • Hii All i hope i can find answer for this :

    i have two additional domains in my environment i detect that some users authenticate from the additional domain not from the primary domain could i know why???? and already both of them up and running

    What is an additional domain? We have additional domain controllers though.


    Mahdi Tehrani | | www.mahditehrani.ir
    Make sure to download my free PowerShell scripts:

    Monday, April 17, 2017 9:31 AM
    Moderator
  • Hii All i hope i can find answer for this :

    i have two additional domains in my environment i detect that some users authenticate from the additional domain not from the primary domain could i know why???? and already both of them up and running

    What did you mean with additional domains?Child domains?Please give more information.And you can check this similar case,if your question also similar;

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/1b714a72-4e52-44c4-a0a4-af1f5e0ca5f9/root-domain-user-lists-not-shown-in-child-domain?forum=winserverDS


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Monday, April 17, 2017 1:57 PM
  • additional domain like dc01 and dc02 another Domain controller to replicate from and to be a backup dc if dc01 is down

    Tuesday, April 18, 2017 11:04 AM
  • yes we have
    Tuesday, April 18, 2017 11:10 AM
  • If you mean additional domain controller,you should check replication health then dc health also,

    run "repadmin /replsum" then "dcdiag" on each dc to check..


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Tuesday, April 18, 2017 11:26 AM
  • Hi,

    Check your DNS settings of client machine and provide correct DNS IP address of desired domain controller in TCP/IPv4 properties. Execute this command also on client machine to check its authentication DC server.

    nltest /dsgetdc:<domain>

    Thank you,

    Karim




    Tuesday, April 18, 2017 11:26 AM
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, April 21, 2017 2:45 PM
    Moderator