question

NishanAli-3775 asked LimitlessTechnology-2700 answered

AD sites and services

I have two sites: one is the local site (primary domain controller) and the other is the remote site (additional domain controller). I have set up the additional domain controller and also created Active Directory Sites and Services in the new remote site. I put this new additional domain controller into the new site.

The problem is that when I log in to a client machine from my local site, the traffic first communicates with this new additional domain controller and only after that goes to my primary domain controller. When I type `echo %logonserver%`, it shows the primary domain controller, but it is trying to authenticate from the remote site. We want it to communicate first with the primary domain controller in the local site; if the local site is down, then it should communicate with the remote site's additional domain controller.
Why is it getting authenticated from a different branch when my local RODC is already up?
However, when I checked the site on the client machine, it is showing the correct site.
But the logon server is showing the same.

windows-server-infrastructure

cthivierge answered

Make sure that you have configured subnets for your primary and remote sites.

Each subnet in your organization should be associated with a site. This is how DC Locator works to reach the closest DC.

https://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx

hth


LimitlessTechnology-2700 answered

Hello,

The best practice is to create a different subnet for each office, then create an Active Directory site for each office that has a domain controller; finally, you should assign each subnet to the closest site to force users to contact the closest Active Directory.

The DCs in the sites closest to a particular site based on site link costs will help clients find a DC as close as possible. This is known as automatic site coverage.
If there is no site link, the user will contact a random DC.

You can refer to the following links for more details:


https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/sites-sites-everywhere-8230/ba-p/399239

Enabling Clients to Locate the Next Closest Domain Controller
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/enabling-clients-to-locate-the-next-closest-domain-controller

Regards,
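
The subnet-to-site lookup that both answers rely on, as an added PowerShell example that is not part of the thread: it maps a client IPv4 address to a site by the most specific matching subnet object, which shows how a missing or stray subnet entry sends a client to the wrong site. The subnet list, site names and client addresses are constructed sample data, and the function names are hypothetical.

```powershell
# Constructed sample data (not from the thread). In a live domain, read the same
# fields with: Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
$subnets = @(
    [pscustomobject]@{ Name = '10.1.0.0/16';  Site = 'Local-Site'  }
    [pscustomobject]@{ Name = '10.2.0.0/16';  Site = 'Remote-Site' }
    [pscustomobject]@{ Name = '10.1.50.0/24'; Site = 'Remote-Site' }  # stray, more specific entry
)

function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    # Fold the four octets into one number, most significant octet first.
    [int64]$value = 0
    foreach ($octet in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $value = ($value -shl 8) -bor [int64]$octet
    }
    return $value
}

function Get-SiteForAddress {
    param(
        [Parameter(Mandatory)][string]$Address,
        [Parameter(Mandatory)][object[]]$Subnets
    )
    [int64]$allOnes = 4294967295           # 32 one-bits
    $ip = ConvertTo-IPv4Number $Address
    $best = $null
    $bestPrefix = -1
    foreach ($subnet in $Subnets) {
        $network, $prefix = $subnet.Name -split '/'
        $prefix = [int]$prefix
        $mask = ($allOnes -shl (32 - $prefix)) -band $allOnes
        $inSubnet = ($ip -band $mask) -eq ((ConvertTo-IPv4Number $network) -band $mask)
        # The most specific (longest-prefix) subnet decides the client's site.
        if ($inSubnet -and $prefix -gt $bestPrefix) {
            $best = $subnet
            $bestPrefix = $prefix
        }
    }
    if ($best) { return $best.Site }
    return $null   # no subnet object covers this address: the client has no site
}

foreach ($client in '10.1.20.15', '10.1.50.7', '192.168.9.4') {
    $site = Get-SiteForAddress -Address $client -Subnets $subnets
    if (-not $site) { $site = '<no matching subnet>' }
    '{0,-12} -> {1}' -f $client, $site
}
```

On a client, `nltest /dsgetsite` shows the site it resolved to and `nltest /dsgetdc:<domain>` shows the domain controller the locator returned, which can be compared with the result of this lookup.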
