Devices attempting to resolve AD requests to wrong DC

Anonymous
2023-12-01T09:54:08+00:00

Good Morning,

I really hope someone can help! We are a child domain; let's say the root domain is A and we are child domain B. Clients in domain B are attempting to resolve DNS, GPO, all AD requests to domain A, rather than domain B. I have confirmed Sites and Services is correct; there are entries for a DC in domain A, but as we're part of the same domain I'd expect that? Firewall traffic is limited to domain A and we want all AD requests to go via DC B.

When I ping domain B, it sometimes resolves to DC A, which is blocked; other times it'll resolve to the domain B DC, which responds.

Nslookup on domain B also resolves both IPs for DC A and B.

Is there a way to completely stop clients attempting to communicate to domain A DC and only resolve/request to domain B DC?

Thanks

Scott

Windows Server Identity and access Active Directory

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


1 answer

  1. Anonymous
    2023-12-04T02:51:58+00:00

    Hello ScottEvans_2022,

    Thank you for posting in Microsoft Community forum.

    How did you check "Clients in domain B are attempting to resolve DNS, GPO, all AD requests to domain A, rather than domain B"?

    1. Can you check the DNS servers on clients in domain B? Check whether the DNS servers on clients in domain B are set to the DNS server (DC server in domain B) in domain B.

    2. Check if clients in domain B can contact DCs in domain B.

    3. Check if all AD ports between clients in domain B and DCs in domain B are open.

    Active Directory and Active Directory Domain Services Port Requirements

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)?redirectedfrom=MSDN

    Active Directory Replication over Firewalls

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727063(v=technet.10)?redirectedfrom=MSDN

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou

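The three checks from the answer above, run from a client in domain B, as an added example that is not part of the original thread. The domain name `b.a.example` and the DC addresses are constructed placeholders; the port list covers the common TCP ports for AD and is an assumption to adjust against the port requirements linked in the answer.

```powershell
# Constructed placeholders: replace with the child domain's DNS name and its DC addresses.
$ChildDomain = 'b.a.example'
$ChildDcIps  = @('10.0.2.10', '10.0.2.11')

# Check 1: which DNS servers is this client configured to use?
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique
foreach ($s in $dnsServers) {
    $state = if ($s -in $ChildDcIps) { 'child-domain DC' } else { 'NOT a child-domain DC' }
    "DNS server ${s}: $state"
}

# What ping/nslookup in the question showed: A records returned for the domain name.
Resolve-DnsName -Name $ChildDomain -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } |
    ForEach-Object {
        $state = if ($_.IPAddress -in $ChildDcIps) { 'expected' } else { 'unexpected' }
        "A record $($_.IPAddress): $state"
    }

# DCs registered for the child domain (the SRV records the DC locator queries).
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ChildDomain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' } |
    ForEach-Object { "SRV target $($_.NameTarget) priority=$($_.Priority) weight=$($_.Weight)" }

# Check 2: which DC does the locator pick, and for which site?
# Compare "DC:", "Dc Site Name:" and "Our Site Name:" in the output.
nltest /dsgetdc:$ChildDomain /force

# Check 3: are the AD TCP ports open from this client to each child-domain DC?
# TCP only: UDP 53/88/123/389 and the dynamic RPC range are not covered here.
$ports = 53, 88, 135, 389, 445, 464, 636, 3268
foreach ($dc in $ChildDcIps) {
    foreach ($p in $ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
        '{0}:{1} open={2}' -f $dc, $p, $r.TcpTestSucceeded
    }
}
```

An "unexpected" A record or a DNS server that is not a child-domain DC points at the name resolution path; a closed port on a child-domain DC points at the firewall rules.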