Thanks all for the responses. Here is what I found; the algorithm is what answered my question. Appears that the number of DCs was what caused the site selection, then alphabetical order.

From this WP (http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=)....

Automatic Site Coverage

There is not necessarily a domain controller in every site. For various reasons, it is possible that no domain controller exists for a particular domain at the local site. By default, each domain controller checks all sites in the forest and then checks the replication cost matrix. A domain controller advertises itself (registers a site-related SRV record in DNS) in any site that does not have a domain controller for that domain and for which its site has the lowest-cost connections. This process ensures that every site has a domain controller that is defined by default for every domain in the forest, even if a site does not contain a domain controller for that domain. The domain controllers that are published in DNS are those from the closest site (as defined by the replication topology).

For example, given one domain and three sites, a domain controller for that domain might be located in two of the sites, but there might be no domain controller for the domain in the third site. Replication to the domain that does not have a domain controller in the third site might be too expensive in terms of cost or replication latency. To ensure that a domain controller can be located in the site closest to a client computer, if not the same site, Windows 2000 automatically attempts to register a domain controller in every site. The algorithm that is used to accomplish automatic site coverage determines how one site can "cover" another site when no domain controller exists in the second site.

Determining Site Coverage on the Basis of Cost

Given one domain and sites A, B, and C, site A has no domain controllers for the domain. If a client in site A attempts to locate a domain controller, which domain controller should be returned? The answer depends on which site covers site A for the domain. Site coverage is determined according to site-link costs, and domain controllers register themselves in sites accordingly.

In the example, a site link exists between site A and both of the other sites — that is, the connections between domain controllers in site A, site B, and site C are configured for replication over site links in Active Directory Sites and Services. (For more information about site links and site-link costs, see "Active Directory Replication" in this book.) Costs are associated with site links based on the expense of transferring data over the connections. The administrator uses the speed of the connection between sites to assign a cost to the communication link, and replication uses the cost to establish the least expensive route for replication traffic.

Site A and site B are connected by site link AB. Site A and site C are connected by site link AC, with the following costs:

The link between site A and site C has a much higher cost than the link between site A and site C. The administrator configured this cost based on the expensive Integrated Services Digital Network (ISDN) line that connects site A and site C, and the administrator would prefer that resources in site B be used when possible. The site coverage algorithm ensures that a domain controller in site B registers itself as a domain controller for site A. In this way, clients in site A that are looking for a domain controller find one from site B, instead of possibly finding one from site C. For more information about site link cost, see "Active Directory Replication" in this book.

Site Coverage Algorithm

During registration of SRV records in DNS, the following algorithm is used to determine which domain controllers register site SRV records that designate them as preferred domain controllers in sites that do not have a specific domain represented.

For every domain controller in the forest, follow this procedure:

From: deji Agba [mailto:[EMAIL PROTECTED]

Try reading "Authentication Topology" by

Sincerely,
Microsoft MVP - Directory Services
www.readymaids.com - we know IT

From: Darren Mar-Elia

Todd-

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

I am searching for an article that identifies the behavior of how authentication DCs are selected based on AD sites.

Here is why. Our default site cost for all our sites in the hub and spoke architecture is 10. We had a situation where we have a BDC “Domain H that is in Mixed mode” on the same network as our Hosted Exchange Servers on “Domain N that is in Native Mode”. The Exchange Servers managed to establish a secure channel with the DCs of “Domain H” AD PDC which is located in a different site from the Hosted Exchange Servers and “Domain H’s BDC”. When the “Domain Admin of H moved one of their servers to a Site starting with A, we saw the secure channel get changed to the site with an A in it.

So our suspicions are as follows.

We believe authentication is served locally if possible (meaning on the same subnet).

If there are no local DCs and the domain is in mixed mode, it will use sites based on cost.

If there are multiple sites to choose from, it will then select a site based on its order in AD Sites & Services.

The reason why is that we moved the DC back to a site lower in the site list and it changed the secure channel.

Thanks,
Todd
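
The selection order this thread arrives at (lowest site-link cost, then number of DCs, then alphabetical site name) can be modelled to predict which site will cover a DC-less site. This is an added example, not part of the original posts or the Microsoft text; it assumes a precomputed cost matrix, and all site names, costs and DC counts are constructed.

```python
# Added example: models the selection order described in this thread.
# All site names, costs and DC counts below are constructed sample data.

def covering_site(target, cost, dc_count):
    """Pick the site whose DCs would register site SRV records for `target`.

    cost     -- {frozenset({site_x, site_y}): cost} from the replication cost matrix
    dc_count -- {site: number of DCs for the domain in that site}
    """
    if dc_count.get(target, 0) > 0:
        return target                      # site already has a DC for the domain
    candidates = []
    for site, dcs in dc_count.items():
        link = cost.get(frozenset((target, site)))
        if site == target or dcs == 0 or link is None:
            continue                       # cannot cover: no DC or no route
        # Sort key: lowest cost, then most DCs, then alphabetical site name.
        candidates.append((link, -dcs, site))
    return min(candidates)[2] if candidates else None


def coverage_map(cost, dc_count):
    """Map every DC-less site to the site expected to cover it."""
    return {s: covering_site(s, cost, dc_count)
            for s, n in sorted(dc_count.items()) if n == 0}


# Resource Kit scenario: site A has no DC; link AC costs far more than AB.
RESKIT_COST = {frozenset("AB"): 100, frozenset("AC"): 500}
RESKIT_DCS = {"A": 0, "B": 1, "C": 1}

# Flat-cost scenario (every link costs 10, as in the original question):
# cost never decides, so the tie-breakers take over.
FLAT_COST = {frozenset(("Exchange", s)): 10 for s in ("Hub", "Madrid", "Austin")}
FLAT_DCS = {"Exchange": 0, "Hub": 1, "Madrid": 1, "Austin": 1}

if __name__ == "__main__":
    print(coverage_map(RESKIT_COST, RESKIT_DCS))   # cost decides
    print(coverage_map(FLAT_COST, FLAT_DCS))       # alphabetical order decides
    print(covering_site("Exchange", FLAT_COST, {**FLAT_DCS, "Hub": 2}))  # DC count decides
```

With a flat cost on every link, adding a DC to a site or renaming a site changes which DCs clients in the uncovered site are pointed at, which is worth checking before moving servers between sites.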
