I work with a Windows domain that has many domain controllers (DCs). I'm looking to remove some of these, but I know there are some applications that are hard-coded to use a specific domain controller for authentication. I don't know what these applications are however. How can I determine which applications could be set to use a single domain domain controller so I can prevent an outage when that DC goes offline?
Identify applications that are configured to connect to a specific domain controller
active-directorydomain-controllerwindows-server-2008-r2
Related Topic
- Risks of having only one domain controller
- Active directory member servers cannot locate domain controller
- Ldap – Domain Controller returns LDAP Referral for it’s own domain
- What does a domain controller (DC) use a certificate for
- IIS – Change Default Domain Controller for Windows Authentication
- Domain Controller Failover Fails Unidirectionally – Solutions
Best Answer
Shut down each DC for a couple of days and wait for the screams.
Seriously, it's the only way.
Whoever/whatever wants to talk to Active Directory should be able to find a domain controller using the proper process. But some application developers are definitely foolish enough to want a statically-defined DC; well, it's their fault, and they should pay for it.
But you, as an AD administrator, have absolutely no way of knowing if an application is talking to a specific DC because it actually looked it up the proper way, or because someone configured it statically.
Sadly, shutting down each DC and checking if anything stops working is the only way.