How to avoid clients reaching specific DomainController?

OskarPrez 0 Reputation points
2023-04-20T23:36:23.4+00:00

Hello all, apologies for my English, I hope you can help me please. Considering this: I have a network with 2 VLANs, one for servers (10.190.4.0), another for local PCs (172.20.142.0), and 3 domain controllers:

DC1 10.190.4.10, physically in the same network as the PCs
DC2 10.190.4.9, physically in the same network as the PCs
DC3 10.191.4.10, in a remote network, reached by a VPN

My local clients' network configuration is given by a DHCP server in the network 172.20.142.0, with specific DNS IP addresses: primary DNS 10.190.4.10, secondary 10.190.4.9.

So, the issue is that I do not want my clients to reach DC3, since it is not necessary, and also because it is in a remote site over VPN. When I ping mydomain.local from different computers, sometimes it replies with the DC3 IP address; eventually the ping replies with the DC1 or DC2 IP address. I have changed the Priority for DC3 to a value of 2 (DC1 and DC2 have 0) and restarted the Netlogon service in DC3, but it did not work: after a while, when pinging mydomain.local, it replies with the DC3 IP address. Also I disabled Round Robin in the 3 DC servers with no luck. The result of this command, nltest /mydomain.local, always gives DC1 and DC2 as the result, which is OK. The only thing I want is that when pinging mydomain.local I only get replies from DC1 or DC2. Is this even possible? Thank you for your help.


2 answers

  1. Dave Patrick 426.2K Reputation points MVP
    2023-04-21T02:07:42.01+00:00

    Ping is not site aware. Pinging the domain name will just result in one DNS server answering. You could read on here about how domain controllers are located.
    https://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx
    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Dave Patrick 426.2K Reputation points MVP
    2023-04-25T18:03:19.8166667+00:00

    everytime they ping mylocaldomain.com, the DC3 replies

    As mentioned ping is not site aware so this is not a good test. Something here could help.
    https://woshub.com/get-ad-dc-logonserver/

    --please don't forget to upvote and Accept as answer if the reply is helpful--
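The two answers above make the same point: ping resolves the bare domain name and is not site aware, so it is the wrong test for which domain controller a client actually uses. The script below is an added example, not code from the thread or from either linked article. Run on a domain-joined client in the 172.20.142.0 VLAN, it contrasts the A records that `ping mydomain.local` can resolve to with the SRV records the DC Locator reads and with the DC the locator actually picks (`nltest /dsgetdc`). The domain name and DC3's address come from the question; the site lookup, the parsing of nltest's output and the messages are assumptions of this example.

```powershell
# Added example, not part of the original thread.
# Contrasts what a plain name lookup (ping) returns with what the DC Locator chooses.
# $Domain and $UnwantedDCs are taken from the question; everything else is assumed.
$Domain      = 'mydomain.local'
$UnwantedDCs = @('10.191.4.10')   # DC3 across the VPN, per the question

function Get-DomainARecords {
    # Every DC registers an A record for the bare domain name (Netlogon's "LdapIpAddress"
    # record). Ping resolves this name, and the answer carries no site or priority data.
    param([string]$Name)
    Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction Stop |
        Where-Object { $_.QueryType -eq 'A' } |
        Select-Object -ExpandProperty IPAddress
}

function Get-DcSrvRecords {
    # SRV records the DC Locator consults. Priority and weight live here, which is why
    # changing DC3's priority changes this list but not the A records above.
    param([string]$Name)
    Resolve-DnsName -Name $Name -Type SRV -DnsOnly -ErrorAction Stop |
        Where-Object { $_.QueryType -eq 'SRV' } |
        Select-Object NameTarget, Priority, Weight, Port
}

function Get-LocatedDC {
    # Ask the DC Locator directly; this is the site-aware path clients really use.
    # The field names below match nltest's "label: value" output lines.
    param([string]$Name)
    $out = nltest /dsgetdc:$Name 2>&1
    if ($LASTEXITCODE -ne 0) { throw "nltest failed: $out" }
    $props = @{}
    foreach ($line in $out) {
        if ($line -match '^\s*(DC|Address|Dom Name|Dc Site Name|Our Site Name):\s*(.+)$') {
            $props[$Matches[1]] = $Matches[2].Trim().TrimStart('\')
        }
    }
    [pscustomobject]$props
}

# Which AD site this client has been placed in (from its subnet-to-site mapping).
$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
Write-Host "Client AD site: $site"

Write-Host "`nA records for $Domain (what 'ping $Domain' can resolve to):"
$aRecords = Get-DomainARecords -Name $Domain
$aRecords | ForEach-Object { Write-Host "  $_" }
if ($aRecords | Where-Object { $UnwantedDCs -contains $_ }) {
    Write-Host "  -> DC3's address is in the A record set, so ping can return it regardless of SRV priority."
}

Write-Host "`nSite-independent SRV records (_ldap._tcp.dc._msdcs.$Domain):"
Get-DcSrvRecords -Name "_ldap._tcp.dc._msdcs.$Domain" | Format-Table -AutoSize | Out-String | Write-Host

Write-Host "Site-specific SRV records for ${site}:"
Get-DcSrvRecords -Name "_ldap._tcp.$site._sites.dc._msdcs.$Domain" | Format-Table -AutoSize | Out-String | Write-Host

$located = Get-LocatedDC -Name $Domain
Write-Host "DC Locator result: $($located.DC) ($($located.Address)), DC site $($located.'Dc Site Name')"
Write-Host "Logon server for this session: $env:LOGONSERVER"
if ($UnwantedDCs -contains $located.Address) {
    Write-Host "Locator chose DC3: check this client's subnet-to-site mapping in AD Sites and Services."
} else {
    Write-Host "Locator chose a local DC; any DC3 reply to ping was only the round-robin A record."
}
```

If the locator section reports DC1 or DC2 while the A record list still contains DC3, the client is already using the right domain controller and only the name lookup is "wrong". SRV priority and weight never influence that lookup, because the bare domain name is served by plain A records that every DC registers. The documented way to keep a particular DC out of that set is Netlogon's DnsAvoidRegisterRecords setting (the LdapIpAddress mnemonic, configurable through the "Specify DC Locator DNS records not registered by the DCs" Group Policy); that mechanism is not discussed in the thread and is mentioned here only as the setting that governs the record the script lists first.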