Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

AD sites & authentication question

Posted on 2012-03-23
2
Medium Priority
?
418 Views
Last Modified: 2012-08-14
I've got an interesting issue with what site my machines are authenticating against.

We are a single forest/domain company. We recently purchased another company. We purchased a new domain controller, which we set up locally. We did not create a subdomain for the new company, as we decided to simply leave them as part of our existing domain.

Once the DC was setup, i shipped it to the remote office and traveled out there. I created a new site in ADSS, defined the local subnet and moved the domain controller into the new site.

*note* - The new subnet i created is the only subnet defined under subnets.
            - There was au automatic site created right after the name of the new site, with some letters like CNF:c05d7 etc.

Back here, in the primary site, when i add computers to the domain, they are showing up in AD on the remote domain controller, and then syncing back here to the main office once replication takes place. I checked the NETLOGON parameters in the registry and the machines seem to think they are part of the remote site, and not the local site. they have a Dynamic Site Name of the remote site in question.

I was in the middle of doing a /prepareschema in the midst of an Exchange 2010 transition when i discovered that the computer wasn't using the correct site, as it was giving me errors about not being in the same site as the schema master. I had to add a registry entry under NETLOGON/PARAMETERS of "SiteName" and give it the value of my primary site, and restart the netlogon services, for the machine to recognize it was in the correct site.

Do i need to define a local subnet and add that to my primary site to force computers here to use our local domain controllers first? I want to make sure computers here are using the correct site. I'm worried my machines are authenticating to the wrong domain controllers here in the main office.
0
Comment
Question by:HornAlum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
netjgrnaut earned 2000 total points
ID: 37757511
Do i need to define a local subnet and add that to my primary site to force computers here to use our local domain controllers first?

Yes.  You should define all sites and subnets to get the results you're looking for.  Important for the KCC to work.
0
 
LVL 5

Author Comment

by:HornAlum
ID: 37757530
yup, i figured that was it.

Added the subnet, replicated the settings. removed and readded the computer and now it's showing up on the correct domain controller first, under AD U&C

Thanks!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question