Define the AD server for authentication

  • Question

  • Hi,

    I am having some issues with the SharePoint 2010 authentication. 

    The current environment is the following: there are many offices (locations) using the same domain (global.domain.com), and each office has a replicated local AD server. The issue is that the users logging in at the office are "supposed" to log in to the local server instead of using an AD server in the central office, but the computers somehow bypass the local AD and request authentication from a central AD server. Other IT staff are working on this issue, but I mention it since it might be related to the SharePoint authentication.

    SharePoint is also trying to search for user authentication on another AD server and not on the local one, making the authentication either take too long, or the site request the username / password from the user three times and then give an error page.

    The main question is, is it possible to define in SharePoint which AD server to use for authentication?

    Thank you,

    Luis

    Friday, March 29, 2013 9:16 AM

Answers

  • This is an AD sites issue.  You need to build an AD site for your SharePoint servers (if they're on their own subnet or subnet them out) and add domain controllers to that site to handle authentication.  This is the only way to 'force' authentication to a DC. 

    Alternatively, although not recommended, you could add a hosts file entry on each SharePoint server pointing 'domain.local' to a specific domain controller.  Again, I wouldn't do this unless it was a temporary workaround.


    Hope This Helps!

    • Proposed as answer by Trevor Seward MVP Friday, March 29, 2013 1:46 PM
    • Marked as answer by Luis_ortiz Friday, March 29, 2013 2:43 PM
    Friday, March 29, 2013 12:21 PM
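    The site-based fix described in the answer above, written out as an added PowerShell example (this is not Ryan's code or anything posted in the thread). It uses the ActiveDirectory module cmdlets that ship with Windows Server 2012 and later; the site name, subnet, domain controller and domain are all assumed placeholder values that would be replaced with the real ones for the SharePoint servers' subnet. The last two commands are run from a SharePoint server to confirm that the DC locator now returns a controller from the new site.

    ```powershell
    # Added example, not from the thread. All names below are assumptions:
    # site 'SP-Site', subnet 10.20.30.0/24, domain controller 'DC05',
    # domain 'global.domain.com'. Run from a box with RSAT / the AD module
    # as an account that can manage Sites and Services.
    Import-Module ActiveDirectory

    $SiteName   = 'SP-Site'                # assumed site for the SharePoint servers
    $Subnet     = '10.20.30.0/24'          # assumed subnet the SharePoint servers live on
    $DcToMove   = 'DC05'                   # assumed DC that should answer their auth requests
    $DomainName = 'global.domain.com'      # domain named in the question

    # 1. Create the site and bind the SharePoint subnet to it.
    #    The DC locator maps a client's IP to a subnet, the subnet to a site,
    #    and then prefers DCs in that site; without this mapping the client
    #    can land on any DC in the forest, which is what the question describes.
    New-ADReplicationSite   -Name $SiteName
    New-ADReplicationSubnet -Name $Subnet -Site $SiteName

    # 2. Move a domain controller into the new site so it is the one handed out.
    Move-ADDirectoryServer -Identity $DcToMove -Site $SiteName

    # 3. Keep replication intact by adding the site to an existing site link
    #    (the default link name is assumed here).
    Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -SitesIncluded @{ Add = $SiteName }

    # 4. Verify from a SharePoint server: which site does it think it is in,
    #    and which DC does the locator return after a forced rediscovery?
    nltest /dsgetsite
    nltest /dsgetdc:$DomainName /force
    Get-ADDomainController -Discover -Domain $DomainName -ForceDiscover |
        Select-Object HostName, Site, IPv4Address
    ```

    If step 4 still returns a DC outside the new site, the usual causes are a subnet that does not actually cover the server's address or the change not having replicated yet; `nltest /dsgetsite` reporting the expected site name is the quickest confirmation that the subnet mapping took effect.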

All replies

  • Hi Ryan,

    Thanks for the answer. The AD sites issue is being taken care of by another department, and I hope they can fix it soon.

    The workaround that you mention is to edit the hosts file located in system32/drivers/etc/ and add a line in the format:

    domain.local  full.name.of.DC.server.com

    or

    domain.local <DC_IP_ADDRESS>

    ?

    Thanks,

    Luis

    Friday, March 29, 2013 2:08 PM
  • I wouldn't call it a workaround; keep in mind that if the server you're pointing to reboots, SharePoint will puke until it comes back up again.  I suppose you could create a few entries. I haven't personally ever had to do that, but you could try it:

    IP of DC <domain.local>
    IP of DC #2 <domain.local>


    Hope This Helps!

    Friday, March 29, 2013 2:21 PM
  • I tried editing the hosts file but the server just likes to go there, even after rebooting.

    I am just going to push the DNS team to fix this. 

    Thanks!

    Friday, March 29, 2013 2:44 PM