RE: [ActiveDir] Set Preferred DC
Title: Set Preferred DC Thats easy. On W2000 and XP, remove the DNS servers from the IP settings, and put the relevant DC entries in the HOSTS file. For W9x, set #DOM and 1b records in LMHOSTS. That way you insure the can only find the DCs you want them to. -- Regards, Willem P.S. If we could just skip over that whole bit it would be great. That was pretty hard, but I did it! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland Sent: Tuesday, September 07, 2004 5:24 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Set Preferred DC Ok Guys, I am about to ask a question that may stir up a great deal of conversation about Good Practice and Avoiding Hard Coded Entries, If we could just skip over that whole bit it would be great. That being said, I need to control the logonserver of individual machines running operating systems ranging from win98, to NT4.0, win2k, and winXP. This is a mixed mode active directory domain in a typical branch office deployment single domain, single forest. Again this needs to be on individual machines so please dont respond with a DNS answer, Im looking for a reg hack or a utility like setprfdc.exe that will work in an ActiveDirectory Domain on all of the previously mentioned operating systems. Thanks, Brent
RE: [ActiveDir] Set Preferred DC
Title: Set Preferred DC Hmmm...Removing DNS entries might be a little drastic. IIRC, netdom might hold what you look for in terms of a utility, but for Win2K and XP workstations what besides site boundaries are you looking for? For 9x you can't even say for certain they will use domain creds so setting lmhosts is as good as it gets IMHO. Al From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Willem KasdorpSent: Tuesday, September 07, 2004 2:18 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Set Preferred DC That's easy. On W2000 and XP, remove the DNS servers from the IP settings, and put the relevant DC entries in the HOSTS file. For W9x, set #DOM and 1b records in LMHOSTS. That way you insure the can only find the DC's you want them to. -- Regards, Willem P.S. If we could just skip over that whole bit it would be great. That was pretty hard, but I did it! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent WestmorelandSent: Tuesday, September 07, 2004 5:24 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Set Preferred DC Ok Guys, I am about to ask a question that may stir up a great deal of conversation about "Good Practice" and "Avoiding Hard Coded Entries", If we could just skip over that whole bit it would be great. That being said, I need to control the logonserver of individual machines running operating systems ranging from win98, to NT4.0, win2k, and winXP. This is a mixed mode active directory domain in a typical branch office deployment single domain, single forest. Again this needs to be on individual machines so please don't respond with a DNS answer, I'm looking for a reg hack or a utility like setprfdc.exe that will work in an ActiveDirectory Domain on all of the previously mentioned operating systems.Thanks,Brent
Re: [ActiveDir] Set Preferred DC
Title: Re: [ActiveDir] Set Preferred DC Thats Brilliant! Then we could just stop resolving DNS names except for DCs. We could break file print, internet everything else, but the client would be authenticated right where we want them From: Willem Kasdorp [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 7 Sep 2004 20:18:17 +0200 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Set Preferred DC Thats easy. On W2000 and XP, remove the DNS servers from the IP settings, and put the relevant DC entries in the HOSTS file. For W9x, set #DOM and 1b records in LMHOSTS. That way you insure the can only find the DCs you want them to. -- Regards, Willem P.S. If we could just skip over that whole bit it would be great. That was pretty hard, but I did it! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland Sent: Tuesday, September 07, 2004 5:24 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Set Preferred DC Ok Guys, I am about to ask a question that may stir up a great deal of conversation about Good Practice and Avoiding Hard Coded Entries, If we could just skip over that whole bit it would be great. That being said, I need to control the logonserver of individual machines running operating systems ranging from win98, to NT4.0, win2k, and winXP. This is a mixed mode active directory domain in a typical branch office deployment single domain, single forest. Again this needs to be on individual machines so please dont respond with a DNS answer, Im looking for a reg hack or a utility like setprfdc.exe that will work in an ActiveDirectory Domain on all of the previously mentioned operating systems. Thanks, Brent
RE: [ActiveDir] Set Preferred DC
Title: Re: [ActiveDir] Set Preferred DC All right, seriously then. If you really insist on hacking it instead of fixing nameresolution you can use nltest to reset the secure channel to the DC you want. That sound better? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland Sent: Tuesday, September 07, 2004 8:44 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Set Preferred DC Thats Brilliant! Then we could just stop resolving DNS names except for DCs. We could break file print, internet everything else, but the client would be authenticated right where we want them From: Willem Kasdorp [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 7 Sep 2004 20:18:17 +0200 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Set Preferred DC Thats easy. On W2000 and XP, remove the DNS servers from the IP settings, and put the relevant DC entries in the HOSTS file. For W9x, set #DOM and 1b records in LMHOSTS. That way you insure the can only find the DCs you want them to. -- Regards, Willem P.S. If we could just skip over that whole bit it would be great. That was pretty hard, but I did it! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland Sent: Tuesday, September 07, 2004 5:24 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Set Preferred DC Ok Guys, I am about to ask a question that may stir up a great deal of conversation about Good Practice and Avoiding Hard Coded Entries, If we could just skip over that whole bit it would be great. That being said, I need to control the logonserver of individual machines running operating systems ranging from win98, to NT4.0, win2k, and winXP. This is a mixed mode active directory domain in a typical branch office deployment single domain, single forest. Again this needs to be on individual machines so please dont respond with a DNS answer, Im looking for a reg hack or a utility like setprfdc.exe that will work in an ActiveDirectory Domain on all of the previously mentioned operating systems. Thanks, Brent
RE: [ActiveDir] Set Preferred DC
Title: Re: [ActiveDir] Set Preferred DC You acquiesced too quickly ;-) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Willem KasdorpSent: Tuesday, September 07, 2004 3:08 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Set Preferred DC All right, seriously then. If you really insist on hacking it instead of fixing nameresolution you can use nltest to reset the secure channel to the DC you want. That sound better? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent WestmorelandSent: Tuesday, September 07, 2004 8:44 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Set Preferred DC That's Brilliant! Then we could just stop resolving DNS names except for DCs. We could break file print, internet everything else, but the client would be authenticated right where we want them From: Willem Kasdorp [EMAIL PROTECTED]Reply-To: [EMAIL PROTECTED]Date: Tue, 7 Sep 2004 20:18:17 +0200To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Set Preferred DCThat's easy. On W2000 and XP, remove the DNS servers from the IP settings, and put the relevant DC entries in the HOSTS file. For W9x, set #DOM and 1b records in LMHOSTS. That way you insure the can only find the DC's you want them to. -- Regards, WillemP.S. If we could just skip over that whole bit it would be great.That was pretty hard, but I did it! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent WestmorelandSent: Tuesday, September 07, 2004 5:24 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Set Preferred DCOk Guys, I am about to ask a question that may stir up a great deal of conversation about "Good Practice" and "Avoiding Hard Coded Entries", If we could just skip over that whole bit it would be great. That being said, I need to control the logonserver of individual machines running operating systems ranging from win98, to NT4.0, win2k, and winXP. This is a mixed mode active directory domain in a typical branch office deployment single domain, single forest. Again this needs to be on individual machines so please don't respond with a DNS answer, I'm looking for a reg hack or a utility like setprfdc.exe that will work in an ActiveDirectory Domain on all of the previously mentioned operating systems.Thanks,Brent
RE: [ActiveDir] Set Preferred DC
Title: Re: [ActiveDir] Set Preferred DC Isn't that a setting that you can push via DHCP? I want to say you can put a "tag" on your clients so that they can receive different info via DHCP without having to be on a different subnet. For the life of me, I can't remember what MS calls the "tag". Dave From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Willem KasdorpSent: Tuesday, September 07, 2004 12:08 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Set Preferred DC All right, seriously then. If you really insist on hacking it instead of fixing nameresolution you can use nltest to reset the secure channel to the DC you want. That sound better? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent WestmorelandSent: Tuesday, September 07, 2004 8:44 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Set Preferred DC That's Brilliant! Then we could just stop resolving DNS names except for DCs. We could break file print, internet everything else, but the client would be authenticated right where we want them From: Willem Kasdorp [EMAIL PROTECTED]Reply-To: [EMAIL PROTECTED]Date: Tue, 7 Sep 2004 20:18:17 +0200To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Set Preferred DCThat's easy. On W2000 and XP, remove the DNS servers from the IP settings, and put the relevant DC entries in the HOSTS file. For W9x, set #DOM and 1b records in LMHOSTS. That way you insure the can only find the DC's you want them to. -- Regards, WillemP.S. If we could just skip over that whole bit it would be great.That was pretty hard, but I did it! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent WestmorelandSent: Tuesday, September 07, 2004 5:24 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Set Preferred DCOk Guys, I am about to ask a question that may stir up a great deal of conversation about "Good Practice" and "Avoiding Hard Coded Entries", If we could just skip over that whole bit it would be great. That being said, I need to control the logonserver of individual machines running operating systems ranging from win98, to NT4.0, win2k, and winXP. This is a mixed mode active directory domain in a typical branch office deployment single domain, single forest. Again this needs to be on individual machines so please don't respond with a DNS answer, I'm looking for a reg hack or a utility like setprfdc.exe that will work in an ActiveDirectory Domain on all of the previously mentioned operating systems.Thanks,Brent
Re: [ActiveDir] Set Preferred DC
Title: Re: [ActiveDir] Set Preferred DC I am familiar with open source DHCP products publishing an OpenLdap server and searchbase, but havent really looked to the MS product for that. To my knowledge, the client will perform an rpc call to the local netlogon service thereby calling DSGetDCName and invoking one of two Locators. Either the DNS or Netbios locator then will work their magic to return the necessary records. I was hoping that there may be a regkey to preclude this process, but thus far I havent found anything. Thanks Brent From: Perdue David J Contr InDyne/Enterprise IT [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 7 Sep 2004 20:25:07 - To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: RE: [ActiveDir] Set Preferred DC Isn't that a setting that you can push via DHCP? I want to say you can put a tag on your clients so that they can receive different info via DHCP without having to be on a different subnet. For the life of me, I can't remember what MS calls the tag. Dave From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Willem Kasdorp Sent: Tuesday, September 07, 2004 12:08 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Set Preferred DC All right, seriously then. If you really insist on hacking it instead of fixing nameresolution you can use nltest to reset the secure channel to the DC you want. That sound better? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland Sent: Tuesday, September 07, 2004 8:44 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Set Preferred DC That's Brilliant! Then we could just stop resolving DNS names except for DCs. We could break file print, internet everything else, but the client would be authenticated right where we want them From: Willem Kasdorp [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 7 Sep 2004 20:18:17 +0200 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Set Preferred DC That's easy. On W2000 and XP, remove the DNS servers from the IP settings, and put the relevant DC entries in the HOSTS file. For W9x, set #DOM and 1b records in LMHOSTS. That way you insure the can only find the DC's you want them to. -- Regards, Willem P.S. If we could just skip over that whole bit it would be great. That was pretty hard, but I did it! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] On Behalf Of Brent Westmoreland Sent: Tuesday, September 07, 2004 5:24 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Set Preferred DC Ok Guys, I am about to ask a question that may stir up a great deal of conversation about Good Practice and Avoiding Hard Coded Entries, If we could just skip over that whole bit it would be great. That being said, I need to control the logonserver of individual machines running operating systems ranging from win98, to NT4.0, win2k, and winXP. This is a mixed mode active directory domain in a typical branch office deployment single domain, single forest. Again this needs to be on individual machines so please don't respond with a DNS answer, I'm looking for a reg hack or a utility like setprfdc.exe that will work in an ActiveDirectory Domain on all of the previously mentioned operating systems. Thanks, Brent
RE: [ActiveDir] Set Preferred DC
Title: Re: [ActiveDir] Set Preferred DC simplified Actually the client tries to connect to the DC where he last logged on first, then recieves the name of the site, queries the DCs in that Site and performs a RPC-Ping to see who's resonding fast enough. /simplified The feature Dave mentioned is the classid, you are able to set the classid of specific clients and change the DHCP-Options for that classid. The clientside can be configured using GPOs or by using the ipconfig /setclassid command. This will not enable to you to set a prefered DC, it just enables you to provide different DHCP-Options such as DNS-Suffix or DNS-Servers. Gruesse - Sincerely, Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent WestmorelandSent: Tuesday, September 07, 2004 10:53 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Set Preferred DC I am familiar with open source DHCP products publishing an OpenLdap server and searchbase, but havent really looked to the MS product for that. To my knowledge, the client will perform an rpc call to the local netlogon service thereby calling DSGetDCName and invoking one of two Locators. Either the DNS or Netbios locator then will work their magic to return the necessary records. I was hoping that there may be a regkey to preclude this process, but thus far I havent found anything.ThanksBrent From: Perdue David J Contr InDyne/Enterprise IT [EMAIL PROTECTED]Reply-To: [EMAIL PROTECTED]Date: Tue, 7 Sep 2004 20:25:07 - To: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED]Subject: RE: [ActiveDir] Set Preferred DCIsn't that a setting that you can push via DHCP? I want to say you can put a "tag" on your clients so that they can receive different info via DHCP without having to be on a different subnet.For the life of me, I can't remember what MS calls the "tag".Dave From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Willem KasdorpSent: Tuesday, September 07, 2004 12:08 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Set Preferred DCAll right, seriously then. If you really insist on hacking it instead of fixing nameresolution you can use nltest to reset the secure channel to the DC you want. That sound better? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brent WestmorelandSent: Tuesday, September 07, 2004 8:44 PMTo: [EMAIL PROTECTED]Subject: Re: [ActiveDir] Set Preferred DCThat's Brilliant! Then we could just stop resolving DNS names except for DCs. We could break file print, internet everything else, but the client would be authenticated right where we want them From: Willem Kasdorp [EMAIL PROTECTED]Reply-To: [EMAIL PROTECTED]Date: Tue, 7 Sep 2004 20:18:17 +0200To: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Set Preferred DCThat's easy. On W2000 and XP, remove the DNS servers from the IP settings, and put the relevant DC entries in the HOSTS file. For W9x, set #DOM and 1b records in LMHOSTS. That way you insure the can only find the DC's you want them to. -- Regards, WillemP.S. If we could just skip over that whole bit it would be great.That was pretty hard, but I did it! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] On Behalf Of Brent WestmorelandSent: Tuesday, September 07, 2004 5:24 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Set Preferred DCOk Guys, I am about to ask a question that may stir up a great deal of conversation about "Good Practice" and "Avoiding Hard Coded Entries", If we could just skip over that whole bit it would be great. That being said, I need to control the logonserver of individual machines running operating systems ranging from win98, to NT4.0, win2k, and winXP. This is a mixed mode active directory domain in a typical branch office deployment single domain, single forest. Again this needs to be on individual machines so please don't respond with a DNS answer, I'm looking for a reg hack or a utility like setprfdc.exe that will work in an ActiveDirectory Domain on all of the previously mentioned operating systems.Thanks,Brent