Can you help with an Active Directory authentication problem?

Lindi Horton, ServiceMesh

I have a network consists on 26 sites. I am using Active Directory, and I have a child-parent structure. The root domain is in the central node and the rest of the sites are child domains with two domain controllers each. Each site has a GC server. When ever the connection between the central node and any site is down, users on that site can no longer log on to there client PCs that are member of their child domain. Why is this? Note: each site has a DNS server (AD Integrated).

This question is about Active Directory authentication. Since I don't have an exact error message to troubleshoot off of, I'm going to discuss a little bit about the various things that must be in place for Active Directory Authentication to transpire of the Parent Domain Controller is inaccessible.

Oftentimes, DNS is the culprit when Active Directory goes down. First and foremost, it's essential not to run DNS servers on top of Active Directory servers. This can cause a lot of abnormalities which would be avoided with separate machines for the separate functionalities. You will also want to check the DNS records for the following items: PDC, GC, GCIPAddress, DSaCname, Kdc and DC. For the DNS records returned for each client, make sure that the Domain Controller is specified as well as the Primary Domain Controller. You also want to specify the Kerberos and Global Catalog servers in the DNS configuration file.

When DNS is a problem with Active Directory Authentication, there are specific error messages returned. The Microsoft Knowledge Base outlines the appropriate measures to troubleshoot Active Directory issues due to DNS Configuration items here. Depending on the error message received, the DNS configuration should be updated to adapt to the expected parameters to ensure replication if the Primary Domain Controller becomes unavailable.

This was last published in February 2006

Can you help with an Active Directory authentication problem?

Can you help with an Active Directory authentication problem?

Dig Deeper on Campus area network

Active Directory domain (AD domain)

Repadmin diagnoses Active Directory replication issues in Windows

Recovering an Active Directory root domain in a multiple domain forest

How the DC locator works in Active Directory

Related Q&A from Lindi Horton

Providing fastest Internet sharing speed for clients

Advantages of DNS Made Easy

Expert advice for file server troubleshooting

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchUnifiedCommunications

Cisco collaboration products unify UC, admin and productivity tools

Cisco collaboration revenue takes hit to start 2020

The 4 features of a complete enterprise video platform

SearchMobileComputing

Samsung Unpacked 2020 a foreshadowing of enterprise mobility trends

Consider device attestation over MDM for specific use cases

What Android security threats should IT know about?

SearchDataCenter

Initiative aims to improve data center incident reporting

A guide to GPU implementation and activation

Key components for negotiating an HPC colocation contract

SearchITChannel

Chef partners get new channel program for DevOps tools

5 tips for multi-cloud strategy and management success

What CCPA requirements mean for channel partners

Dig Deeper on Campus area network

Active Directory domain (AD domain)

Repadmin diagnoses Active Directory replication issues in Windows

Recovering an Active Directory root domain in a multiple domain forest

How the DC locator works in Active Directory

Related Q&A from Lindi Horton

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.