Q: We have two sites set up in Active Directory. Whenever someone travels to a remote office, they always authenticate...
to one of our sites and not the remote office's NT 4.0 Server. Why would this be?
A: My guess is that the laptops are installed with Windows 2000 Professional (or perhaps server). Windows 2000 machines, once they have discovered that an AD exists and there are Windows 2000 DCs, will favor the Windows 2000 DCs for authentication. The laptops will use LDAP and Kerberos for discovery and authentication against the domain. Windows NT 4.0 BDCs cannot perform LDAP and Kerberos authentication, so the laptops bypass the NT 4.0 BDCs and seek out the Win2000 DCs.
Dig Deeper on Microsoft Active Directory Design and Administration
Related Q&A from Paul Hinsberg
Need to take an in-place upgraded PDC offline to rebuild it and use the second and third freshly-built 2003 DCs to handle services? Our expert ... Continue Reading
One admin wants to know if he can run DCPROMO on a Windows Server 2003 machine while the root domain is on Windows 2000. Continue Reading
A new admin's Active Directory is in utter chaos. Here's what our expert suggests. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.