Q

Sorting out Active Directory remote office authentication problems

An admin notices a curious behavior with Active Directory's remote authentication.

Q: We have two sites set up in Active Directory. Whenever someone travels to a remote office, they always authenticate...

to one of our sites and not the remote office's NT 4.0 Server. Why would this be?

A: My guess is that the laptops are installed with Windows 2000 Professional (or perhaps server). Windows 2000 machines, once they have discovered that an AD exists and there are Windows 2000 DCs, will favor the Windows 2000 DCs for authentication. The laptops will use LDAP and Kerberos for discovery and authentication against the domain. Windows NT 4.0 BDCs cannot perform LDAP and Kerberos authentication, so the laptops bypass the NT 4.0 BDCs and seek out the Win2000 DCs.

This was last published in August 2002

Dig Deeper on Microsoft Active Directory Design and Administration

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close