We have a domain spread across multiple physical sites. Currently, at one of our remote sites, users who log in are using a logon server at our HQ as their %LOGONSERVER% instead of the local GC/DC. This does not affect all users, but it does affect some, and it causes very slow logins because the traffic is sent overseas via an IPSec tunnel.
My question is: how do you force a given site in AD to use a specific logon server (i.e. the local server) unless it isn't available?
I checked DNS and see that there are two _ldap and _kerberos SRV records at _tcp.REMOTESITENAME._sites.OURDOMAIN, one being the local logon server and the other being the server at our HQ overseas. I feel like removing the _ldap and _kerberos entries for the remote server would probably resolve this (correct me if I'm wrong), but I don't want to break logons when the local server is down.
Any advice would be appreciated!
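A diagnostic I would run on an affected client before editing any SRV records, added here as an example and not part of the original post. It assumes the placeholder site and domain names from the post (REMOTESITENAME, OURDOMAIN), a Windows client sitting in the remote site, and the built-in Resolve-DnsName cmdlet and nltest tool.

```powershell
# Added diagnostic (not from the original post). The site and domain names are
# the post's placeholders; replace them with your own. Run on a client at the
# remote site whose %LOGONSERVER% points at the HQ DC.
param(
    [string]$SiteName = 'REMOTESITENAME',   # placeholder from the post
    [string]$Domain   = 'OURDOMAIN'         # placeholder from the post
)

# Which site does the DC locator think this machine is in? A missing or wrong
# subnet-to-site mapping sends clients to another site's DCs before DNS matters.
$clientSite = & nltest /dsgetsite 2>$null | Select-Object -First 1
Write-Host "Client site (nltest /dsgetsite): $clientSite"
Write-Host "Current LOGONSERVER:             $env:LOGONSERVER"

# Site-specific SRV records the DC locator queries first. Each one is registered
# dynamically by the Netlogon service of a DC that is in the site or covers it
# (automatic site coverage), so a manually deleted record is re-registered.
$siteDCs = @()
foreach ($svc in '_ldap', '_kerberos') {
    $name = "$svc._tcp.$SiteName._sites.$Domain"
    try {
        $records = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "No SRV records for $name ($($_.Exception.Message))"
        continue
    }
    foreach ($r in $records) {
        # Lower Priority is preferred; Weight balances among equal priorities.
        Write-Host ('{0,-45} -> {1} (priority {2}, weight {3})' -f
                    $name, $r.NameTarget, $r.Priority, $r.Weight)
        if ($svc -eq '_ldap') { $siteDCs += $r.NameTarget }
    }
}

# Ask the locator directly for a DC for this site, using the same rules clients use.
Write-Host "`nDC locator result for site ${SiteName}:"
& nltest /dsgetdc:$Domain /site:$SiteName | ForEach-Object { Write-Host "  $_" }

# Flag the symptom from the post: a LOGONSERVER that is not one of the site's DCs.
$logonHost = $env:LOGONSERVER.TrimStart('\')
$inSite    = $siteDCs | Where-Object { $_ -like "$logonHost.*" }
if ($siteDCs -and -not $inSite) {
    Write-Warning "LOGONSERVER $logonHost is not among this site's _ldap targets: $($siteDCs -join ', ')"
}
```

If the client's reported site is wrong, the fix is in AD Sites and Services (subnet objects), not in DNS; if the site is right but both DCs appear with equal priority, compare the locator output against the SRV list before changing anything.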