0

In my company we have two domain controllers PDC (primary one), ADC (Additional one). upon user authentication the Additional domain controller is not involved in any user authentication.

we have checked the replication and it's OK. we have checked the DNS and it seems OK.

is there a place to check to see if some is wrong or not?

Improve this question
7
  • 1
    not involved in any user authentication. how are you validating that? You should be able to sinkhole the functional DC name and fqdn in the hosts file on a client and force authentication on the other DC. Also need to include the output of nltest /dsgetdc:domain.name /server: otherDC.
    – Greg Askew
    Sep 27 at 13:03
  • when we disconnected the primary DC clients failed in the authentication process
    – homayoun shokri
    Sep 27 at 13:10
  • 1
    Does the sysvol / netlogon share are on both server and fully replicated ? In dcpromo I often see a replication error that prevent those share to be replicated and it will lead to client error. It's a common issue I see often
    – yagmoth555
    Sep 27 at 17:37
  • The "other" DC is probably not advertising one or more nltest flags. Nltest can also be used to enable DC Locator logging. And querying the DC using nslookup. Lots of testing available.
    – Greg Askew
    Sep 27 at 18:55
  • initial sysvol replication happened? new dc advertising as global catalog?
    – David Trevor
    Sep 28 at 8:10

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .