AD sites and services

Question

AD sites and services

Nishan Ali 1

i have two sites one is local site (primary domain controller) and another one is remote site ( additional domain controller). I have done the additional domain controller and also created active directory sites and services in the new remote site. This new additional domain controller I put in to new site.

The problem is when I am using to logged into client machine from my local site the traffic is first communicating to this new additional domain controller then after only then its going to my primary domain controller. when I type echo %logonserver% is showing the primary domain controller. But it is trying to authenticated from remote site. we want first it should communicate to primary domain controller in local site if the local site is down then it will be going to communicate to the remote site additional domain controller.
Why it's getting authenticated from different branch when my local RODC is already in Up?
However when I checked the site in client machine it is showing correct site.
But logon server is showing same.

sonfrai223 0 Reputation points

2023-02-27T13:31:08.51+00:00
Active Directory Sites and Services is a Microsoft Management Console (MMC) snap-in that allows administrators to manage the replication of directory data between sites in a Microsoft Active Directory environment.

In Active Directory, a site is a logical grouping of network objects, such as domain controllers, that are connected by high-speed links. Sites are used to control the replication of directory data between domain controllers and to optimize network traffic.

Using the Active Directory Sites and Services snap-in, administrators can perform the following tasks:

Define sites: Create and manage site objects that represent the physical network topology of an organization.

Define subnets: Associate subnets with site objects to ensure that domain controllers are located in the correct site.

Create site links: Define connections between sites to enable replication of directory data.

Configure site link costs: Set the cost of each site link to control the preferred path for replication traffic.

Manage replication: Monitor and manage the replication of directory data between domain controllers in different sites.

Manage site link bridges: Configure site link bridges to connect sites that are not directly linked.

Active Directory Sites and Services is a powerful tool that can help organizations to optimize the performance and reliability of their Active Directory infrastructure. It is recommended that administrators become familiar with its features and functionality in order to effectively manage their Active Directory environment.

4 answers

Your answer

sonfrai223 0 Reputation points

2023-02-27T13:31:08.51+00:00

Active Directory Sites and Services is a Microsoft Management Console (MMC) snap-in that allows administrators to manage the replication of directory data between sites in a Microsoft Active Directory environment.

In Active Directory, a site is a logical grouping of network objects, such as domain controllers, that are connected by high-speed links. Sites are used to control the replication of directory data between domain controllers and to optimize network traffic.

Using the Active Directory Sites and Services snap-in, administrators can perform the following tasks:

Define sites: Create and manage site objects that represent the physical network topology of an organization.

Define subnets: Associate subnets with site objects to ensure that domain controllers are located in the correct site.

Create site links: Define connections between sites to enable replication of directory data.

Configure site link costs: Set the cost of each site link to control the preferred path for replication traffic.

Manage replication: Monitor and manage the replication of directory data between domain controllers in different sites.

Manage site link bridges: Configure site link bridges to connect sites that are not directly linked.

Active Directory Sites and Services is a powerful tool that can help organizations to optimize the performance and reliability of their Active Directory infrastructure. It is recommended that administrators become familiar with its features and functionality in order to effectively manage their Active Directory environment.

Answer 1

Hello,

I just came across this post and wondered if you might be able to advise.

I have a AAA (non-Microsoft server) that uses LDAP/LDAPS to lookup a user for authentication and authorisation. It resides on the same logical network (10.x.x.x) as the domain controller. We have sites and services configured and the subnet belongs to the defined site and the domain controller also resides in there. In our configuration we are referencing the domain name e.g. example.com as the authentication destination and were relying on sites and services to lookup the closest domain controller i.e. the one on the same subnet to handle the authentication request, however we are seeing DNS return other domain controllers outside of the data centre.

I just wanted to confirm if (1) you had to be a Microsoft workstation/server to take advantage of sites and services or if any host on a subnet defined in a site can benefit from it and (2) is there anything else that needs to be configured to ensure the local domain controller is prioritised for the site. We have added additional domain controllers but have ensured that the local one has a lower priority and higher weight than the others.

Thanks,

Answer 2

Hello,

The best practice is to create differrent subnet for each office, then create a active directory site for each office which has domain controller , finnaly you should assign each subnet to site closest site to force users closest to contact the closest active directory.

The DCs in the sites closest to a particular site based on site link costs will help clients find a DC as close as possible. This is known as automatic site coverage.
If there is no Site link , user will contact a random DC.

You can refer to the followings link for more details:

https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/sites-sites-everywhere-8230/ba-p/399239

Enabling Clients to Locate the Next Closest Domain Controller
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/enabling-clients-to-locate-the-next-closest-domain-controller

Regards,

Answer 3

Charles Thivierge 4,181

Make sure that you have configure subnets for your primary and remote site

Each subnets in your organization should be associated to a site. This is how DC Locator is working to reach the closest DC

https://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx

hth

0 comments

Answer 4

madison short 0

acceptedddd

0 comments

Share via

AD sites and services

4 answers

Your answer