Domain Controllers Running Windows Server 2003 Perform Automatic Site Coverage for Sites with RODCs
Applies To: Windows Server 2008
To ensure that clients can locate a domain controller in the nearest available site, domain controllers attempt to register their DNS service location (SRV) resource records. These resource records pertain to sites that contain no domain controller for the domain of which they are a member. This functionality is commonly known as "automatic site coverage."
Automatic site coverage factors in the cost associated with the site links of a site without a domain controller. This cost helps determine which domain controller registers its SRV resource records for that site. The SRV resource records are registered by domain controllers from the site that has the lowest cost between its site link and the site that has no domain controller. This makes it possible for clients in the site without a domain controller to use the least expensive network connection to contact a domain controller in another site.
Domain controllers running Windows Server 2003 do not consider RODCs when they evaluate site coverage requirements. As a result, they perform automatic site coverage for any site regardless of the presence of an RODC for the same domain.
If a domain controller running Windows Server 2003 registers its DNS SRV resource records for a site that contains an RODC, clients that attempt to discover a domain controller in the RODC site also find the domain controller that is running Windows Server 2003. As a result, they might not authenticate with the RODC as planned.
Choose one of these possible solutions for this problem:
- The preferred option is to install the RODC compatibility pack on Windows Server 2003 domain controllers. To download the RODC compatibility pack, see article 944043 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=122974).
Ensure that only domain controllers running Windows Server 2008 are present in the site closest to the RODC site.
Unlike domain controllers that run Windows Server 2003, domain controllers that run Windows Server 2008 do consider RODCs when they perform automatic site coverage. As a result, they do not attempt to register SRV resource records for the RODC site. Domain controllers running Windows Server 2003 do not attempt to register SRV resource records for the RODC site because they are not in the closest site.
Disable automatic site coverage on domain controllers running Windows Server 2003.
By editing the registry of the domain controllers running Windows Server 2003, you can prevent them from performing automatic site coverage.
To disable automatic site coverage on a domain controller running Windows Server 2003
Click Start, click Run, type regedit, and then click OK.
Navigate to the following registry subkey:
Click Edit, point to New, and then click DWORD Value.
Type AutoSiteCoverage as the name of the new entry, and then press ENTER.
Double-click the new AutoSiteCoverage registry entry.
Under Value data, type 0 to disable automatic site coverage or type 1 to enable it.