Windows 2003 server DC and ADC
Dear Friends,

I have a Windows 2003 Server Std. R2 environment. I have a few remote locations to operate with. The main datacenter has a DC and one ADC, while the remote locations have their own ADCs connected to the DC. The idea of keeping ADCs at the remote locations is to serve users fast with network and authentication criteria. Now I have found that users from the main head office (where the DC and ADC are located) are getting their password authentication from any of the remote ADCs. The DC at the Head Office has DHCP and DNS installed. It serves IP addresses to Head Office users, while the ADCs at remote locations are also equipped with DHCP and serve the users at their respective locations.

My questions for the scenario are:

1. I have found that in the Network Places of the DC, I cannot see the entire network's computers. It shows very few PCs. How do I correct that?
2. When I restart my DC, it takes almost 30-40 mins to start. Mostly it takes time at the "applying network settings" and "personal settings" screens. After restart it shows the network properly for a few mins, then the same scene happens again as mentioned in point 1. How do I correct it so it can boot fast?
3. How do I correct users to get authenticated from their respective locations only, not from anywhere?

Saifee
April 22nd, 2009 8:40am

Hi there,

Point 1: Computer Browser service and settings should be appropriate in order to see the entire network's computers. Honestly speaking, there is no need for any configuration for the Computer Browser service; it should work automatically. Please provide the nbtstat -n result from the DC. You need to look at the 1E record and 1B record from the output. Please use the link below to troubleshoot the Computer Browser service:
http://support.microsoft.com/kb/188305

Point 2: Since when has the issue been happening? Does your DC point its primary DNS to itself, or to any other DNS server? How did you configure the DNS server? Type the following commands to check if your DNS is okay:

nltest /dsgetdc:domain-name.com
nslookup -type=srv _ldap._tcp.dc._msdcs.domain-name.com

*) Also you need to look at the default domain policy, and I suggest you configure userenv logging on the DC.
*) Another possibility is the startup services. Please check in safe mode whether the issue occurs; if the issue doesn't occur in safe mode then you might need to check the 3rd party services which are taking a long time.
*) Please check for the events pertaining to userenv, LSASRV.
*) Please collect dcdiag and netdiag output and paste the output to the thread.

Point 3: Make sure you point the clients to the appropriate DNS server. The primary DNS server IP address should be your DC IP address where you have configured the DNS server.

sainath
Windows Driver Development
April 22nd, 2009 10:43am

Hello Saifee,

On points 1 & 2, make sure DNS is properly configured and working well. Are you using AD Integrated DNS?

On point 3, I will look into subnets. By default, clients should be able to authenticate on DCs that are on their respective subnets. How are your subnets configured?

Overall, make sure you have DNS installed on at least one DC in each site and have clients in the respective sites refer to it for primary DNS.

Isaac Oben MCITP:EA, MCSE
April 22nd, 2009 8:46pm

Hi,

In addition to Sainath's suggestions, the slow startup issue may be caused by DNS settings. Please refer to the following article for troubleshooting.

Domain Controller boots up slowly when pointing to itself as the only DNS server
http://support.microsoft.com/default.aspx?scid=kb;EN-US;945765

Regarding the authentication issue, it may be caused by incorrect Site information in your Domain. Generally, a client will try to find and authenticate with a DC in the same Site. DCs will use the IP address to distinguish Sites. Open Active Directory Sites and Services, double-click Default-First-Site-Name->Servers. Are all DCs listed in this site? If so, please try to create a new Site and subnet for each of the remote DCs.
http://technet.microsoft.com/en-us/library/cc781496.aspx

After that, please check DNS server-> _Sites to make sure the remote DCs are in their own remote sites.

Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
April 23rd, 2009 4:19am
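
The site lookup described in the reply above, as an added example that is not part of the original thread: it models a client's site as the one attached to the most specific subnet containing its IP address, and goes slightly further by flagging logons served by a DC in another site or from an address that maps to no site. All subnet ranges, site names, DC names and logon records are constructed for illustration.

```python
import ipaddress

# Constructed sample data (hypothetical names and ranges): subnet objects as
# defined in Active Directory Sites and Services, and each DC's site.
SUBNET_TO_SITE = {
    "10.0.0.0/8": "HeadOffice",
    "10.20.0.0/16": "Remote-A",
    "10.30.0.0/16": "Remote-B",
}
DC_SITE = {"HODC1": "HeadOffice", "RADC1": "Remote-A", "RBDC1": "Remote-B"}

# Constructed sample: which DC answered each client's logon.
SAMPLE_LOGONS = [
    ("10.1.5.20", "HODC1"),     # head office client, head office DC
    ("10.20.3.7", "RADC1"),     # remote client, its local DC
    ("10.1.5.21", "RBDC1"),     # head office client served by a remote DC
    ("192.168.50.9", "RADC1"),  # range with no subnet object defined
]


def site_for_ip(ip, subnets=SUBNET_TO_SITE):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def audit_logons(logons, subnets=SUBNET_TO_SITE, dc_site=DC_SITE):
    """Label each (client_ip, dc) pair 'ok', 'out-of-site' or 'no-subnet'."""
    findings = []
    for ip, dc in logons:
        site = site_for_ip(ip, subnets)
        if site is None:
            finding = "no-subnet"      # client cannot be placed in any site
        elif dc_site.get(dc) != site:
            finding = "out-of-site"    # served by a DC from another site
        else:
            finding = "ok"
        findings.append((ip, dc, finding))
    return findings


if __name__ == "__main__":
    for row in audit_logons(SAMPLE_LOGONS):
        print(row)
```

With an empty subnet table, which corresponds to a domain where no subnet objects were ever created, every logon comes back as no-subnet.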

Hi to all,

First of all, sorry for the late reply. I am done with DCdiag and to my surprise there is no DC shown in the list, though the network functions properly and the Exchange cluster is working fine. That may be the reason why clients are getting authenticated from any other sites. To serve the remote sites, as I said, I have a good number of ADCs available in my network. Now, as I have one ADC available at the Head Office, how can I securely promote it to DC? To confirm these findings I have installed DameWare NT Utilities and scanned the network. It shows NO DC. Help in promoting the DC will be highly appreciated.

For Isaac: yeah, it's AD integrated DNS.

Saifee
May 3rd, 2009 3:15pm

Hi,

From the Active Directory standpoint, you can just run "dcpromo" to promote a DC. However, if there is an Exchange Server in your Domain, it's suggested to consult Exchange experts. The engineers and community members there have more experience and can help you in a more efficient way.

Exchange Forum
http://social.technet.microsoft.com/Forums/en-US/category/exchangeserver/

Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
May 5th, 2009 1:36pm

This topic is archived. No further replies will be accepted.
