Active Directory users authenticate to DR DC for IPC$ share

Adnan Tariq 1 Reputation point
2021-06-29T09:29:20.377+00:00

Hi, i have seen the authentication requests from Production site users to DR Domain controller to access IPC$ share using SMB. we have already bound the subnets properly but still users from production site is going to DR site Domain controller and access IPC$. is that normal or there is any misconfiguration?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
4,011 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Fan Fan 15,186 Reputation points
    2021-06-30T00:56:17.03+00:00

    Hi,

    If the site and subnet is configured correctly, the users should find the DCs in the same site for authentication. If there are no available DCs,it will find DCs in other site.
    Not sure how did you configure your sites and if there are DCs in every site.
    Also, make sure DCs in the production site are available.

    To get authenticated dc
    nltest /dsgetdc:domainname
    klist query_bind(kerberos authentication)

    You can also test which DCs are nearest to your workstation in your site (copy nltest.exe from the DC to the workstation’s system32 folder):
    nltest /sc_query:YourDomainName.com

    To find the GC your workstation used (copy nltest.exe from the DC to the workstation’s system32 folder):
    nltest /dgsgetdc:your_domain_name.com /GC

    More information about the The DC Locator Process, you can refer to the following link:
    https://servergurunow.wordpress.com/2017/10/14/dc-locator-process-2/
    https://servergurunow.wordpress.com/2017/10/14/dc-locator-process-2/

    Best Regards,