Can you help with an Active Directory authentication problem?

I have a network consists on 26 sites. I am using Active Directory, and I have a child-parent structure. The root domain is in the central node and the rest of the sites are child domains with two domain controllers each. Each site has a GC server. When ever the connection between the central node and any site is down, users on that site can no longer log on to there client PCs that are member of their child domain. Why is this? Note: each site has a DNS server (AD Integrated).

This question is about Active Directory authentication. Since I don't have an exact error message to troubleshoot off of, I'm going to discuss a little bit about the various things that must be in place for Active Directory Authentication to transpire of the Parent Domain Controller is inaccessible.

Oftentimes, DNS is the culprit when Active Directory goes down. First and foremost, it's essential not to run DNS servers on top of Active Directory servers. This can cause a lot of abnormalities which would be avoided with separate machines for the separate functionalities. You will also want to check the DNS records for the following items: PDC, GC, GCIPAddress, DSaCname, Kdc and DC. For the DNS records returned for each client, make sure that the Domain Controller is specified as well as the Primary Domain Controller. You also want to specify the Kerberos and Global Catalog servers in the DNS configuration file.

When DNS is a problem with Active Directory Authentication, there are specific error messages returned. The Microsoft Knowledge Base outlines the appropriate measures to troubleshoot Active Directory issues due to DNS Configuration items here. Depending on the error message received, the DNS configuration should be updated to adapt to the expected parameters to ensure replication if the Primary Domain Controller becomes unavailable.

Dig Deeper on Campus area network

Active Directory domain (AD domain) An Active Directory domain is a collection of objects within a Microsoft Active Directory network. An object can be a single user or a group or it can be a hardware component, such as a computer or printer.

Repadmin diagnoses Active Directory replication issues in Windows Repadmin troubleshoots Active Directory replication issues, but it also includes some commands that Windows administrators might not recognize.

Recovering an Active Directory root domain in a multiple domain forest Imagine your entire forest root domain failed. What would you do? This case study explores the steps taken in such a situation.

How the DC locator works in Active Directory The DC locator depends heavily on DNS to not only locate a domain controller with the right role but also to locate one that will be efficient.

For Active Directory performance gains, delegate the _MSDCS DNS zone Directory services expert Gary Olsen explains how to delegate the _MSDCS zone, which contains the CName records and GC records, to ensure better Active Directory performance.

Best practices for DNS structure design The dream of having an efficient Active Directory can live or die with how well DNS is designed. Expert Gary Olsen runs through the basic principles to be aware of when designing the DNS structure.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

Can you help with an Active Directory authentication problem?