Active Directory Sites & Subnet Object

Posted on 2011-10-05
Last Modified: 2012-05-12
Hi Group Members,

I have created a single forest with multiple domains.

Example:
- Root DC: IP: MASK:
- 1st Child Domain: IP: MASK:
- 2nd Child Domain: IP: MASK:

I checked that all servers are successfully pinging each other, and replication is also working normally.

But I have seen in a training video that the trainer first created a "New Site" on the root DC, then added a "Subnet Object", and then installed the other child DCs (AD installation and joining as child domains).

Now please tell me why he created these sites. Is it an important step to create the site first and then join the child DCs afterwards?

What is the importance of the subnet object in Active Directory Sites and Services?

In my above-mentioned scenario, can I create subnet objects and/or add sites after joining the child domains?

Please help me.

Question by:infoplateform
    LVL 37

    Expert Comment

    In terms of Sites & Services, subnets relate to sites IN THE DOMAIN. I would never consider defining subnets that are in fact in use by a child domain.
    Maybe somebody differs, but that would be a new one on me.
    LVL 24

    Accepted Solution

    Having all of your subnets in Active Directory is important because a client that attempts to log on from a subnet that is not associated with any site may authenticate with any domain controller in the domain. This can result in the logon process taking longer to complete. Unfortunately, Microsoft has not provided an easy way to rectify this problem.

    Under Windows 2000, the only source of missing subnet information is the System event 5778.
    The only way to dynamically determine missing subnets is to query each domain controller for 5778 events and map the IP addresses specified within the events to a subnet you add to the site topology.

    With Windows Server 2003, things are not that much better. One of the issues with the 5778 events under Windows 2000 is that they can easily fill up your System event log if you have many missing subnets. In Windows 2003, Microsoft decided to instead display a summary event 5807 that states that some number of connection attempts have been made by clients that did not map to a subnet in the site topology.

    Instead of scraping the event logs on every domain controller, you can look at the %SystemRoot%\debug\netlogon.log file on each domain controller and parse out all of the NO_CLIENT_SITE entries. This is still far from an easy process, but at least the event logs are no longer cluttered with 5778 events.
    Here is an example of some of the NO_CLIENT_SITE entries from the netlogon.log file:
          01/16 15:50:07 RALLENCORP: NO_CLIENT_SITE: RALLEN-TEST4
          01/16 15:50:29 RALLENCORP: NO_CLIENT_SITE: SJC-BACKUP

    You can create the Sites and Subnets before DC promotion or you can do the same later once the DC is promoted.

    Also make all the DCs GCs (Global Catalog):

    Refer to this KB for site and subnet creation:

    LVL 6

    Author Closing Comment

    Thanks For Your Comments
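
The netlogon.log approach from the accepted solution, as an added example (not code from the thread): it extracts NO_CLIENT_SITE entries from a log collected from a domain controller and groups the clients by a candidate subnet that is missing from the site topology. The sample log, the trailing client IP on each entry, the /24 grouping and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the netlogon.log layout quoted in the answer. The
# trailing client IP is an assumption here; the page's excerpt shows names only.
SAMPLE_LOG = """\
01/16 15:50:07 RALLENCORP: NO_CLIENT_SITE: RALLEN-TEST4 192.0.2.25
01/16 15:50:29 RALLENCORP: NO_CLIENT_SITE: SJC-BACKUP 198.51.100.7
01/16 15:51:02 RALLENCORP: NO_CLIENT_SITE: SJC-WEB01 198.51.100.40
01/16 15:51:10 RALLENCORP: NO_CLIENT_SITE: RALLEN-TEST4 192.0.2.25
01/16 15:52:44 RALLENCORP: NO_CLIENT_SITE: LAB-PC9
01/16 15:53:00 RALLENCORP: some unrelated netlogon line
"""

# Optional "[...]" fields are tolerated between the timestamp and the domain.
ENTRY = re.compile(
    r"^\d\d/\d\d \d\d:\d\d:\d\d (?:\[[^\]]*\] )*"
    r"(?P<domain>[^:\s]+): NO_CLIENT_SITE: (?P<client>\S+)(?: (?P<ip>\S+))?\s*$"
)

def parse_no_client_site(text):
    """Yield (client, ip_or_None) for every NO_CLIENT_SITE entry."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        ip = None
        if m.group("ip"):
            try:
                ip = ipaddress.ip_address(m.group("ip"))
            except ValueError:
                pass  # malformed address: keep the client, drop the IP
        yield m.group("client"), ip

def missing_subnets(text, defined_subnets, guess_prefix=24):
    """Group unmapped clients by a candidate subnet not yet in the site topology."""
    defined = [ipaddress.ip_network(s) for s in defined_subnets]
    candidates, no_address = defaultdict(set), set()
    for client, ip in parse_no_client_site(text):
        if ip is None:
            no_address.add(client)  # entry logged without a usable address
        elif not any(ip in n for n in defined):
            net = ipaddress.ip_network(f"{ip}/{guess_prefix}", strict=False)
            candidates[str(net)].add(client)
    return {k: sorted(v) for k, v in candidates.items()}, sorted(no_address)

if __name__ == "__main__":
    print(missing_subnets(SAMPLE_LOG, ["192.0.2.0/24"]))
```

Run it over the logs gathered from each domain controller, passing the subnets already defined in Active Directory Sites and Services; the candidate prefixes it reports still need to be checked against the real network plan before subnet objects are created.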
