External Domain Trust restricting authentication to a single DC.

  • Question

  • I have a one-way domain trust that is periodically having problems authenticating users and occasionally times out users that have logged into the application successfully with remote domain credentials. I think this has to do with the fact that only a single domain controller is available over the network, and if you nslookup company.local it returns all domain controllers, even DCs that cannot be routed to. What I think is happening is that it hits each one of the domain controllers that DNS returns and has to time out before it reaches the DC that is in the same network as the servers that it needs to authenticate for. My question is: with a domain trust, is there a way that I can limit authentication requests to a single DC or a group of DCs that I choose, or is DNS the authority for all of this? I have done this in the past by exporting the zone from the remote DC, importing it as a primary zone on a local DNS server, and deleting all the records for servers that there is no connection to. I would rather do it in a way that I wouldn't need to manage the client's DNS. Any help is appreciated.

    This is a link to how I've done it in the past: http://www.neomagick.net/zen/2008/11/30/using-dns-to-force-a-domain-trust-through-a-specific-domain-controller-dc

    I just would like to find a better way.

    Thanks

    Buddy

    Wednesday, May 27, 2015 8:24 PM
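
The following diagnostic is an added example, not part of the original post: run from one of the servers that authenticates across the trust, it lists the domain controllers that DNS advertises for the trusted domain and shows which of them actually answer, which is one way to test the timeout theory described in the question. The domain name `company.local` comes from the post; LDAP port 389, the 2-second timeout and the helper name `Test-TcpPort` are assumptions.

```powershell
# Added diagnostic example (not from the original post).
# Assumptions: LDAP on TCP 389, 2-second connect timeout.
param(
    [string]$TrustedDomain = 'company.local',
    [int]$Port = 389,
    [int]$TimeoutMs = 2000
)

# Hypothetical helper: TCP connect with a bounded timeout so that
# unroutable DCs are reported quickly instead of hanging the script.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # name did not resolve or the connection was refused
    } finally {
        $client.Close()
    }
}

# SRV records the DC locator uses to find domain controllers for the domain.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$TrustedDomain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }

$results = foreach ($r in $srv) {
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    $ok = Test-TcpPort -HostName $r.NameTarget -Port $Port -TimeoutMs $TimeoutMs
    $sw.Stop()
    [pscustomobject]@{
        DomainController = $r.NameTarget
        Priority         = $r.Priority
        Weight           = $r.Weight
        Reachable        = $ok
        ElapsedMs        = $sw.ElapsedMilliseconds
    }
}

# Unreachable DCs sort first; each one is a candidate for the delays described.
$results | Sort-Object Reachable, Priority | Format-Table -AutoSize

# Show which DC the locator currently selects for the trusted domain.
nltest "/dsgetdc:$TrustedDomain"
```

If the table shows advertised DCs with `Reachable` set to `False`, the servers are being offered controllers they cannot route to, which matches the behaviour the question describes.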
