|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
IIS authenticationHi,
I am new to Active Directory and I was reading about having a DC on each site could help speeding up the authentication. My question is if users on different sites need to log in to a web based application running at the central office, then if DC on each site would help speeding up authentication, or web based apps and IIS use different way for login process? If the question appears to be confusing, please let me know and I'll try to explain it in a more detailed fashion. Thank you very much. Coady,
I will address only the 'DC in each Site' part of the question. Yes, you are correct. It is generally a really good idea to have a Domain Controller in each Site. And, to make sure that this Domain Controller is also a Global Catalog Server. Let's look at an example: You have a nice company that has locations in three locations: Los Angeles, New York and Miami. It is all one domain: yourdomain.com. You have created the three Sites in Active Directory Sites and Services (er, well you created two and renamed the one that already exists). You create the Subnets and associated each Subnet to the correct Site. You also created the Site Links. So, you have two Domain Controllers in each Site. In LA you have LAX-DC01 and LAX-DC02. In New York you have NYC-DC01 and NYC-DC02. In Miami you have MIA-DC01 and MIA-DC02. Why do you create Sites? To do two things: to assist in user logons and to control Active Directory replication. We will look at the logon part of that. You clearly do not want your users in Miami to authenticate against a Domain Controller in Los Angeles or in New York. You want them to authenticate against a 'local' Domain Controller. So, you create the Sites and Subnets and put the Domain Controllers in the correct Site and everything is supposed to work out just swell. This does not always work that way, though. In WIN2000 there were some problems. However, in WIN2003 this area has been greatly improved (well, so I have read!). I would suggest that you take a look at the Branch Office Deployment Guide. This should really help this part of the question. Here are two articles that might help things: http://support.microsoft.com/?id=247811 http://support.microsoft.com/?id=314861 I will leave the IIS part to someone who actually knows what they are talking about in that area. You would get nothing but gibberish from me! Well, I am sure that there are those who would contend that I am very good at dispensing with the gibberish! -- Show quoteHide quoteCary W. Shultz Roanoke, VA 24012 "coady" <co***@discussions.microsoft.com> wrote in message news:2B76E5DC-DACC-4943-92A5-D429C7E4054E@microsoft.com... > Hi, > I am new to Active Directory and I was reading about having a DC on each > site could help speeding up the authentication. > > My question is if users on different sites need to log in to a web based > application running at the central office, then if DC on each site would > help > speeding up authentication, or web based apps and IIS use different way > for > login process? > > If the question appears to be confusing, please let me know and I'll try > to > explain it in a more detailed fashion. > > Thank you very much. 
Other interesting topics
How to exclude ADAM user from AD domain lockout policy??
Domain Controllers not talking to each other How to restore Domain Controllers that have been down for a long t W2K3 server time slow CSVDE export fields ordering Error in Accessing Primary Domain Controller from Backup Domain Controller restore a windows 2000 domain controller Issue DHCP IP's only to computers in AD? Replace Primary DC with new 2003 Server Authentication problems on member server (file/print) |
|||||||||||||||||||||||
