AD sites and services

Nishan Ali 1 Reputation point
2021-09-14T11:34:38.84+00:00

I have two sites: one is the local site (primary domain controller) and the other is the remote site (additional domain controller). I have set up the additional domain controller and also created Active Directory sites and services for the new remote site. I put this new additional domain controller into the new site.

The problem is that when I log into a client machine from my local site, the traffic first communicates with this new additional domain controller and only then goes to my primary domain controller. When I type echo %logonserver% it shows the primary domain controller, but it is trying to authenticate from the remote site. We want it to communicate first with the primary domain controller in the local site, and only if the local site is down should it communicate with the remote site's additional domain controller.
Why is it getting authenticated from a different branch when my local RODC is already up?
However, when I checked the site on the client machine, it shows the correct site.
But the logon server is showing the same.


3 answers

  1. Charles Thivierge 4,171 Reputation points
    2021-09-14T12:48:33.237+00:00

    Make sure that you have configured subnets for your primary and remote sites.

    Each subnet in your organization should be associated with a site. This is how DC Locator works to reach the closest DC.

    https://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx

    hth


  2. Limitless Technology 39,926 Reputation points
    2021-09-15T07:29:19.17+00:00

    Hello,

    The best practice is to create a different subnet for each office, then create an Active Directory site for each office which has a domain controller, and finally assign each subnet to the closest site to force users to contact the closest Active Directory.

    The DCs in the sites closest to a particular site, based on site link costs, will help clients find a DC as close as possible. This is known as automatic site coverage.
    If there is no site link, users will contact a random DC.

    You can refer to the following links for more details:

    https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/sites-sites-everywhere-8230/ba-p/399239

    Enabling Clients to Locate the Next Closest Domain Controller
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/enabling-clients-to-locate-the-next-closest-domain-controller

    Regards,


  3. Carr, Darren 1 Reputation point
    2022-11-09T14:48:55.94+00:00

    Hello,

    I just came across this post and wondered if you might be able to advise.

    I have an AAA (non-Microsoft) server that uses LDAP/LDAPS to look up a user for authentication and authorisation. It resides on the same logical network (10.x.x.x) as the domain controller. We have sites and services configured, the subnet belongs to the defined site, and the domain controller also resides in there. In our configuration we are referencing the domain name, e.g. example.com, as the authentication destination and were relying on sites and services to look up the closest domain controller, i.e. the one on the same subnet, to handle the authentication request; however, we are seeing DNS return other domain controllers outside of the data centre.

    I just wanted to confirm (1) whether you have to be a Microsoft workstation/server to take advantage of sites and services, or whether any host on a subnet defined in a site can benefit from it, and (2) whether there is anything else that needs to be configured to ensure the local domain controller is prioritised for the site. We have added additional domain controllers but have ensured that the local one has a lower priority and higher weight than the others.

    Thanks,

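As an added illustration, not code from this thread or from Microsoft, here is the site lookup and DNS SRV selection the answers describe, run on constructed data: a client IP is matched to a site by longest-prefix subnet match, the site-specific `_ldap._tcp.<site>._sites.dc._msdcs.<domain>` SRV name is queried, and one record is chosen by priority then weight (lower priority wins, higher weight is more likely). The subnets, site names and dc1/dc2 hostnames are assumptions; an IP with no site subnet falls back to the domain-wide record and can land on any DC, which is the symptom in the question and in the last post.

```python
import ipaddress
import random

# Constructed data (not from the thread): site subnets and SRV records as
# [(priority, weight, target)], as a DC Locator-style client would see them.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "HeadOffice",
    "10.1.200.0/24": "RemoteSite",  # the more specific prefix wins
    "10.2.0.0/16": "RemoteSite",
}
SRV = {
    "_ldap._tcp.dc._msdcs.example.com": [
        (0, 100, "dc1.example.com"), (0, 100, "dc2.example.com")],
    "_ldap._tcp.HeadOffice._sites.dc._msdcs.example.com": [
        (0, 100, "dc1.example.com")],
    "_ldap._tcp.RemoteSite._sites.dc._msdcs.example.com": [
        (0, 100, "dc2.example.com")],
}

def site_for_ip(ip, subnet_map=SUBNET_TO_SITE):
    """Longest-prefix match of the client IP; None if no site subnet covers it."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_map.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, site)
    return best[1] if best else None

def srv_name(domain, site=None):
    """Site-specific SRV name when the site is known, else the domain-wide one."""
    return (f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}" if site
            else f"_ldap._tcp.dc._msdcs.{domain}")

def pick_srv(records, rng=random):
    """RFC 2782 order: lowest-priority group first, weighted random within it."""
    lowest = min(p for p, _, _ in records)
    group = [r for r in records if r[0] == lowest]
    roll = rng.uniform(0, sum(w for _, w, _ in group))
    for _, w, target in group:
        roll -= w
        if roll <= 0:
            return target
    return group[-1][2]

def locate_dc(ip, domain="example.com", srv=SRV, rng=random):
    """Unmapped clients fall back to the domain-wide record and may get any DC."""
    site = site_for_ip(ip)
    name = srv_name(domain, site)
    records = srv.get(name) or srv[srv_name(domain)]
    return site, name, pick_srv(records, rng)
```

A non-Windows LDAP client only benefits from sites if it performs this site-specific SRV lookup itself; resolving the bare domain name returns every DC's address without any site preference.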
