I work for a School District in northern BC, Canada… We have approximately 21 locations (schools) spread over a several hundred km radius, each with their own domain controller replicating out from a central location. We do this because our rural schools in particular have slow WAN access (i.e., shared province-wide satellite).
I’m trying to get a 10.4.4 server setup in a rural school and get one of those lovely golden triangle setups going…
Unfortunately, when I bind my server to Active Directory, and specify that I would prefer the local domain controller in Directory Access, it is instead going over the slow WAN connection to one of our in town schools. I’ve verified this by getting a TCPdump going and then going into dscl and listing the Active Directory users.
Due to the limited bandwidth, this is causing problems – accounts take forever to authenticate (not even sure they are, since I cancelled login after waiting several minutes). It will also be a complete disaster once I get the 40 computers in the school also authenticating to AD…
Is there some other way of forcing the Mac to only authenticate from the local domain controller? Perhaps with one secondary remote server to be used *ONLY* if the main one is unavailable? Am I missing something?