Share via

session in which DC of the domain?

Mario 40 Reputation points
2024-07-20T00:06:46.19+00:00

I have a win2019 member server that is joined to my only domain.

I have two DCs, one 2016, another 2019.

The member server has only one dns pointing to dc2019.

I have 2 users to do what I mention below:

User1 is as local admin on my member server

User 2 is not local admin on my member server

I perform the following test:

I log in with user1 and through nltest /dsgetdc: I see that I am logged in to DC2019!!

I log off, without restarting and I log in with user2, and through nltest /dsgetdc: I see that I am logged in to DC2016!!

My existential doubt is who decides?, at what moment and why? where authenticates and in any case, I see that this authentication is at the user level, and not at the "server level joined to a specific domain and for the entire section since it was turned on."

Is this like that or is it at the request of the best available?

Many questions, many doubts... :(

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,595 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 18,005 Reputation points MVP
    2024-07-20T01:55:57.8166667+00:00

    use nltest /sc_query:domain_name instead.

    This will provide the secure channel between the member server and domain controller that user authentication leverages (at least in a single-domain environment, where computers and users are part of the same AD domain).

    Btw. even nltest /sc_query is not entirely reliable, since it can be renegotiated over time

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments