Prevent Degraded Performance by Defining the Missing Subnets

Why Consider this

Subnets are used to allow clients and servers to find the nearest Active Directory domain controller. Without the correct configuration, delays in authentication, for example, can occur.

Context & Best Practices

The subnet definitions listed in this issue are derived from the IP addresses of clients authenticating from undefined subnets. A class C, or 255.255.255.0, subnet mask is assumed. This may not be accurate if the environment uses other subnet masks. The list is meant to be a starting point to assist environments in defining all subnets properly in Active Directory. Refer to the issue titled "Missing Subnet Definitions" for details on how undefined subnets impact Active Directory.

Suggested Actions

Review the list and add the missing subnets to the appropriate site if possible.

How to Troubleshoot

  1. Determine if these subnets are required.

  2. Work with your networking team to identify the closest site for each subnet.

  3. Create subnets in the AD Topology and link them to the correct site.
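
The steps above as a PowerShell sketch, added here as an example and not part of the original article or the assessment tooling: it derives /24 candidates from client IP addresses the way this issue does, but first drops clients already covered by a defined subnet of any mask length, such as a catch-all subnet. The log lines, defined subnets and site name are constructed, and the NO_CLIENT_SITE line format is an assumption about what Netlogon records on a domain controller.

```powershell
# Constructed sample lines; only the "NO_CLIENT_SITE: <host> <ip>" part is parsed.
$logLines = @(
    '03/14 09:12:41 CONTOSO: NO_CLIENT_SITE: WKS-0142 10.20.30.15'
    '03/14 09:12:58 CONTOSO: NO_CLIENT_SITE: WKS-0187 10.20.30.77'
    '03/14 09:13:05 CONTOSO: NO_CLIENT_SITE: LAB-0009 172.16.8.4'
    '03/14 09:14:22 CONTOSO: NO_CLIENT_SITE: WKS-0201 192.168.40.9'
)
# Subnets already defined in AD (constructed). On a domain-joined host, use
# (Get-ADReplicationSubnet -Filter *).Name instead.
$defined = @('10.20.0.0/16', '192.168.10.0/24')
# Hypothetical subnet-to-site mapping agreed with the networking team.
$siteFor = @{ '172.16.8.0/24' = 'Branch-Lab' }

function ConvertTo-UInt32([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)          # network order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-InSubnet([string]$Ip, [string]$Cidr) {
    $net, $len = $Cidr -split '/'
    $block = [math]::Pow(2, 32 - [int]$len)   # addresses per subnet
    [math]::Floor((ConvertTo-UInt32 $Ip) / $block) -eq
        [math]::Floor((ConvertTo-UInt32 $net) / $block)
}

# Keep only clients that no defined subnet covers, then assume a /24 mask.
$missing = foreach ($line in $logLines) {
    if ($line -match 'NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})') {
        $ip = $Matches[2]
        if (-not ($defined | Where-Object { Test-InSubnet $ip $_ })) {
            ($ip -replace '\.\d+$', '.0') + '/24'
        }
    }
}

# Emit commands for review; nothing is changed in the directory here.
$missing | Sort-Object -Unique | ForEach-Object {
    if ($siteFor.ContainsKey($_)) {
        "New-ADReplicationSubnet -Name '$_' -Site '$($siteFor[$_])' -WhatIf"
    } else {
        "# $_ has no site assigned yet; confirm with the networking team"
    }
}
```

The two 10.20.30.x clients produce no candidate because the constructed 10.20.0.0/16 definition already covers them. Remove -WhatIf from a generated command only once the mask and site have been confirmed.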

Learn More

Using Catch-All Subnets in Active Directory: https://technet.microsoft.com/magazine/2009.06.subnets.aspx

Update resolves a problem in which LDAP, Kerberos and DC locator responses are slow or time out with Windows

Windows Server 2008 or Windows Server 2008 R2 Domain Controller delayed response to LDAP or Kerberos requests

DC fails logons or experiences LDAP timeouts