AD sites & authentication question
Posted on 2012-03-23
I've got an interesting issue with what site my machines are authenticating against.
We are a single forest/domain company. We recently purchased another company. We purchased a new domain controller, which we set up locally. We did not create a subdomain for the new company, as we decided to simply leave them as part of our existing domain.
Once the DC was set up, I shipped it to the remote office and traveled out there. I created a new site in ADSS, defined the local subnet and moved the domain controller into the new site.
*note* - The new subnet I created is the only subnet defined under subnets.
- There was an automatic site created right after the name of the new site, with some letters like CNF:c05d7 etc.
Back here, in the primary site, when I add computers to the domain, they are showing up in AD on the remote domain controller, and then syncing back here to the main office once replication takes place. I checked the NETLOGON parameters in the registry and the machines seem to think they are part of the remote site, and not the local site. They have a Dynamic Site Name of the remote site in question.
I was in the middle of doing a /prepareschema in the midst of an Exchange 2010 transition when I discovered that the computer wasn't using the correct site, as it was giving me errors about not being in the same site as the schema master. I had to add a registry entry under NETLOGON/PARAMETERS of "SiteName" and give it the value of my primary site, and restart the netlogon services, for the machine to recognize it was in the correct site.
Do I need to define a local subnet and add that to my primary site to force computers here to use our local domain controllers first? I want to make sure computers here are using the correct site. I'm worried my machines are authenticating to the wrong domain controllers here in the main office.
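
A read-only check of the values described in the post, as an added example that is not part of the original post: it shows the Netlogon site values side by side and reports which subnet object, if any, covers each local IPv4 address. It assumes PowerShell 3.0 or later and the ActiveDirectory RSAT module that provides `Get-ADReplicationSubnet`; the helper names `ConvertTo-UInt32` and `Test-InSubnet` are hypothetical.

```powershell
# Added example: inspect site assignment on a domain-joined machine (read-only).
Import-Module ActiveDirectory

# 1. Site values Netlogon is using on this machine.
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$reg    = Get-ItemProperty -Path $params
[pscustomobject]@{
    DynamicSiteName = $reg.DynamicSiteName   # discovered automatically by the DC locator
    SiteName        = $reg.SiteName          # manual override; empty unless someone set it
    CurrentSite     = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
} | Format-List

# 2. Helpers (hypothetical names) for IPv4 subnet membership.
function ConvertTo-UInt32 ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                 # network order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-InSubnet ([string]$Ip, [string]$Cidr) {
    $net, $bits = $Cidr -split '/'
    $size = [math]::Pow(2, 32 - [int]$bits)  # number of addresses in the subnet
    [math]::Floor((ConvertTo-UInt32 $Ip) / $size) -eq
        [math]::Floor((ConvertTo-UInt32 $net) / $size)
}

# 3. Subnet objects defined in AD Sites and Services (IPv4 only).
$subnets = Get-ADReplicationSubnet -Filter * | Where-Object { $_.Name -notmatch ':' }

# 4. For each local IPv4 address, report the most specific matching subnet.
$ips = [System.Net.Dns]::GetHostAddresses($env:COMPUTERNAME) |
       Where-Object { $_.AddressFamily -eq 'InterNetwork' }

foreach ($ip in $ips) {
    $addr  = $ip.IPAddressToString
    $match = $subnets |
             Where-Object { Test-InSubnet $addr $_.Name } |
             Sort-Object { [int]($_.Name -split '/')[1] } -Descending |
             Select-Object -First 1

    [pscustomobject]@{
        Address = $addr
        Subnet  = if ($match) { $match.Name } else { '(no subnet object covers this address)' }
        Site    = if ($match) { $match.Site } else { $null }
    }
}
```

An address reported with no covering subnet object has nothing in AD that ties it to a particular site.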