Domain Computers Trying to Authenticate with Remote Office ADC

abdussamed thondikkal 21 Reputation points
2021-09-07T13:48:30.717+00:00

Dear,
Recently we have installed an additional domain controller in a remote branch office. After this we noticed that domain computers from the head office are trying to communicate (TCP 135, 139, 389, 443, 445; UDP 389) with the branch ADC.
Because of this we are facing authentication failures or slowness from the head office; also, we didn't allow communication from the head office user network to the branch additional domain controller (we need to make sure all head office users & devices communicate with the head office domain controller).

Our infra details are mentioned below:

HEAD OFFICE:
Primary DC- 192.168.10.10
Secondary DC- 192.168.1.20
Active Directory Site Name: Default-First-Site-Name

HO Client PC Networks:- 172.25.10.0/24, 172.25.11.0/24

BRANCH OFFICE:
Additional DC: 172.20.1.10
Active Directory Site Name: BRANCH01
Branch client network: 172.21.1.0/24

Thanks
asamed


3 answers

  1. Dave Patrick 426.3K Reputation points MVP
    2021-09-07T14:22:11.5+00:00
    1 person found this answer helpful.

  2. Limitless Technology 39,461 Reputation points
    2021-09-07T16:47:33.977+00:00

    Hello @abdussamed thondikkal

    I believe what you need to configure are Active Directory sites to create a boundary based on the subnets, so the preferred authentication DC would be the one in the same site subnet.

    You can find more details here: https://learn.microsoft.com/en-us/windows-server/remote/remote-access/ras/multisite/configure/step-2-configure-the-multisite-infrastructure

    Hope this helps in your case,
    Best regards


  3. abdussamed thondikkal 21 Reputation points
    2021-09-13T09:03:53.22+00:00

    Hi DSPatrick & LimitlessTechnology-2700,
    Thanks for your valuable technical reference.
    Sorry for the late response.

    We have configured only two subnets (as mentioned below; a reference screenshot will be attached here).

    1. HEAD OFFICE:
      Site Name: Default-First-Site-Name
      Subnets: 192.168.1.0/24 (In this network Head office domain controllers are installed).
    2. BRANCH OFFICE:
      Site Name: Branch-01
      Subnets: 172.18.0.0/24 (In this network the branch office additional domain controller is installed).

    But we have multiple other networks (production servers, end-user computers; a few of them are mentioned below), and we didn't configure any subnets for those networks.

    1. Head Office Networks:
      Application Server- 172.25.0.0/24
      Staff Networks: 172.25.7.0/24, 172.25.10.0/24
    2. Branch Office Networks:
      Staff Network: 172.18.12.0/24, 172.18.13.0/24

    Existing subnet configuration screenshot attached here for your reference.

    Thanks

    (attachment: 131583-existing-subnet-configuration.png)

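The fix the answers point at, as an added example that is not code from the thread or from Microsoft: a PowerShell script that registers the client and server subnets the follow-up post lists as still unmapped against their sites, then checks which site and DC a client actually resolves. The site names and subnets are taken from the follow-up post; the domain name `contoso.local` and the description text are placeholders.

```powershell
# Added example (not from the thread): map the unregistered subnets to their AD sites,
# then verify the DC locator result. Run on a DC or a host with RSAT as a member of
# Enterprise Admins (site and subnet objects live in the Configuration partition).
Import-Module ActiveDirectory

$domain = 'contoso.local'   # placeholder, replace with your forest root domain

# Subnet-to-site map built from the networks the poster listed as still missing.
$subnetMap = @{
    '172.25.0.0/24'  = 'Default-First-Site-Name'   # HO application servers
    '172.25.7.0/24'  = 'Default-First-Site-Name'   # HO staff
    '172.25.10.0/24' = 'Default-First-Site-Name'   # HO staff
    '172.18.12.0/24' = 'Branch-01'                 # branch staff
    '172.18.13.0/24' = 'Branch-01'                 # branch staff
}

# Every referenced site must already exist; stop early rather than create half the map.
$sites   = (Get-ADReplicationSite -Filter *).Name
$missing = $subnetMap.Values | Sort-Object -Unique | Where-Object { $_ -notin $sites }
if ($missing) { throw "Site(s) not found in AD: $($missing -join ', ')" }

$existing = (Get-ADReplicationSubnet -Filter *).Name
foreach ($entry in $subnetMap.GetEnumerator()) {
    if ($entry.Key -in $existing) {
        # Already defined: make sure it points at the intended site instead of duplicating it.
        Set-ADReplicationSubnet -Identity $entry.Key -Site $entry.Value
    } else {
        New-ADReplicationSubnet -Name $entry.Key -Site $entry.Value -Description 'Client/server network'
    }
}

# Show the resulting map. A client subnet that is absent here is exactly what lets the
# DC locator hand head-office machines to the branch DC.
Get-ADReplicationSubnet -Filter * |
    Select-Object Name, @{ n = 'Site'; e = { ($_.Site -split ',')[0] -replace '^CN=' } } |
    Sort-Object Name | Format-Table -AutoSize

# Verification from an affected workstation (after the site/subnet change has replicated):
# which site does it think it is in, and which DC does it pick with a fresh lookup?
nltest /dsgetsite
nltest /dsgetdc:$domain /force
```

If `nltest /dsgetsite` still reports the wrong site for a head-office client, check for an overlapping or more specific subnet object pointing at Branch-01, since the locator uses the longest matching prefix.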