|
I am searching for an article that identifies the behavior that
of how authentication DC’s are selected based on AD sites. Here is why. Our default site cost for all our sites in the hub and spoke
architecture is 10. We had a situation where we have a BDC “Domain H that
is in Mixed mode” on the same network as our Hosted Exchange Servers on “Domain
N that is in Native Mode”. The Exchange Servers managed to establish a secure channel
with the DC’s of “Domain H” AD PDC which is located in a different
site from the Hosted Exchange Servers and “Domain H’s BDC”. When the “Domain Admin of H moved one of there servers
to a Site starting with A, we saw the secure channel get changed to the site
with an A in it. So our suspicions are as follows. We believe authentication is served locally if possible
(Meaning on the same subnet). If there are no local DC’s and the domain is in mixed
mode, it will use sites based on cost. If there are multiple sites to chose from. It will then select
a site based on its order is AD Sites & Services. The reason why is that we moved the DC back to a site lower
in the site list and it changed to secure channel. Thanks, Todd |
- RE: [ActiveDir] Need to confirm a behavior in AD Si... Myrick, Todd (NIH/CIT)
- RE: [ActiveDir] Need to confirm a behavior in ... simon.geary
- RE: [ActiveDir] Need to confirm a behavior in ... Darren Mar-Elia
- RE: [ActiveDir] Need to confirm a behavior in ... Eric Fleischman
