AD sites & authentication question

I've got an interesting issue with what site my machines are authenticating against.

We are a single forest/domain company. We recently purchased another company. We purchased a new domain controller, which we set up locally. We did not create a subdomain for the new company, as we decided to simply leave them as part of our existing domain.

Once the DC was setup, i shipped it to the remote office and traveled out there. I created a new site in ADSS, defined the local subnet and moved the domain controller into the new site.

*note* - The new subnet i created is the only subnet defined under subnets.
            - There was au automatic site created right after the name of the new site, with some letters like CNF:c05d7 etc.

Back here, in the primary site, when i add computers to the domain, they are showing up in AD on the remote domain controller, and then syncing back here to the main office once replication takes place. I checked the NETLOGON parameters in the registry and the machines seem to think they are part of the remote site, and not the local site. they have a Dynamic Site Name of the remote site in question.

I was in the middle of doing a /prepareschema in the midst of an Exchange 2010 transition when i discovered that the computer wasn't using the correct site, as it was giving me errors about not being in the same site as the schema master. I had to add a registry entry under NETLOGON/PARAMETERS of "SiteName" and give it the value of my primary site, and restart the netlogon services, for the machine to recognize it was in the correct site.

Do i need to define a local subnet and add that to my primary site to force computers here to use our local domain controllers first? I want to make sure computers here are using the correct site. I'm worried my machines are authenticating to the wrong domain controllers here in the main office.
LVL 5
HornAlumAsked:
Who is Participating?
 
netjgrnautCommented:
Do i need to define a local subnet and add that to my primary site to force computers here to use our local domain controllers first?

Yes.  You should define all sites and subnets to get the results you're looking for.  Important for the KCC to work.
0
 
HornAlumAuthor Commented:
yup, i figured that was it.

Added the subnet, replicated the settings. removed and readded the computer and now it's showing up on the correct domain controller first, under AD U&C

Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.