Solved

AD sites & authentication question

Posted on 2012-03-23
Last Modified: 2012-08-14
I've got an interesting issue with what site my machines are authenticating against.

We are a single forest/domain company. We recently purchased another company. We purchased a new domain controller, which we set up locally. We did not create a subdomain for the new company, as we decided to simply leave them as part of our existing domain.

Once the DC was set up, I shipped it to the remote office and traveled out there. I created a new site in ADSS, defined the local subnet and moved the domain controller into the new site.

Notes:
- The new subnet I created is the only subnet defined under Subnets.
- There was an automatic site created right after the name of the new site, with some letters like CNF:c05d7 etc.

Back here, in the primary site, when I add computers to the domain, they are showing up in AD on the remote domain controller, and then syncing back here to the main office once replication takes place. I checked the NETLOGON parameters in the registry and the machines seem to think they are part of the remote site, and not the local site. They have a Dynamic Site Name of the remote site in question.

I was in the middle of doing a /prepareschema in the midst of an Exchange 2010 transition when I discovered that the computer wasn't using the correct site, as it was giving me errors about not being in the same site as the schema master. I had to add a registry entry under NETLOGON/PARAMETERS of "SiteName" and give it the value of my primary site, and restart the netlogon services, for the machine to recognize it was in the correct site.

Do I need to define a local subnet and add that to my primary site to force computers here to use our local domain controllers first? I want to make sure computers here are using the correct site. I'm worried my machines are authenticating to the wrong domain controllers here in the main office.
Question by:HornAlum

Accepted Solution

by: netjgrnaut (earned 500 total points)
ID: 37757511
"Do I need to define a local subnet and add that to my primary site to force computers here to use our local domain controllers first?"

Yes.  You should define all sites and subnets to get the results you're looking for.  Important for the KCC to work.

Author Comment

by:HornAlum
ID: 37757530
Yup, I figured that was it.

Added the subnet, replicated the settings. Removed and re-added the computer, and now it's showing up on the correct domain controller first, under AD U&C.

Thanks!
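
An added example, not part of the thread: a PowerShell check for the situation discussed above, listing sites that have no subnet mapped and showing which site a given client address resolves to. It assumes the ActiveDirectory module's replication cmdlets (RSAT for Windows Server 2012 or later); the client addresses and the subnet and site names in the comments are constructed.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function ConvertTo-IPv4Number([string]$Address) {
    # Dotted quad -> 32-bit value held in a [long] to avoid sign problems
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    return ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Test-IPv4InSubnet([string]$Address, [string]$Cidr) {
    # $Cidr is the subnet object's name, e.g. '10.1.0.0/16'
    $network, $bits = $Cidr -split '/'
    $mask = [long]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    return ((ConvertTo-IPv4Number $Address) -band $mask) -eq
           ((ConvertTo-IPv4Number $network) -band $mask)
}

$sites   = Get-ADReplicationSite -Filter *
$subnets = Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Name -notmatch ':' }          # IPv4 subnets only

# 1. Sites that no subnet object points at (the primary site in the question)
$mappedSites = $subnets | ForEach-Object { [string]$_.Site } | Sort-Object -Unique
$sites | Where-Object { $mappedSites -notcontains [string]$_.DistinguishedName } |
    Select-Object @{ n = 'SiteWithoutSubnet'; e = { $_.Name } } |
    Format-Table -AutoSize

# 2. Site each client address maps to; the most specific (longest prefix) subnet wins
$clients = '10.1.4.23', '192.168.50.17'             # constructed sample addresses
$report = foreach ($ip in $clients) {
    $best = $subnets | Where-Object { Test-IPv4InSubnet $ip $_.Name } |
        Sort-Object { [int]($_.Name -split '/')[1] } -Descending |
        Select-Object -First 1
    [pscustomobject]@{
        Client = $ip
        Subnet = if ($best) { $best.Name } else { 'UNMAPPED' }
        Site   = if ($best) { ([string]$best.Site -split ',')[0] -replace '^CN=' }
                 else { 'none: add a subnet for this range' }
    }
}
$report | Format-Table -AutoSize

# Fix for an unmapped range (constructed subnet and site name):
#   New-ADReplicationSubnet -Name '10.1.0.0/16' -Site 'HQ'
# Then confirm on a client with:  nltest /dsgetsite
```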