I'd think that it would be considered expected behavior - I don't believe one forest would have a concept of the other's sites and subnets.

--------
Roger Seielstad
E-mail Geek

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rachui, Scott
> Sent: Monday, April 04, 2005 9:00 PM
> To: [email protected]
> Subject: RE: [ActiveDir] Unmapped IP Subnets in Another AD Forest
>
> I agree...my question is whether this is expected behavior or
> not. As a very good Microsoft engineer once told me, "we
> don't want to cover up evil". If AD is acting as expected,
> then you're right and we'll handle it. If not, then it would
> be good to know that as well.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
> Sent: Monday, April 04, 2005 10:03 PM
> To: [email protected]
> Subject: RE: [ActiveDir] Unmapped IP Subnets in Another AD Forest
>
> It strikes me like the best way to handle that is to provide
> correct site and subnet mappings across both (all) forests -
> especially when there are cross forest processes happening.
>
> --------
> Roger Seielstad
> E-mail Geek
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Rachui, Scott
> > Sent: Monday, April 04, 2005 6:20 PM
> > To: [email protected]
> > Subject: [ActiveDir] Unmapped IP Subnets in Another AD Forest
> >
> > I have an odd problem. I checked one of our AD 2000 (SP4) forests
> > today. It had a flurry of Event ID 5778s as shown below:
> >
> > Event Type: Information
> > Event Source: NETLOGON
> > Event Category: None
> > Event ID: 5778
> > Date: 4/4/2005
> > Time: 9:14:17 PM
> > User: N/A
> > Computer: <Domain Controller>
> > Description:
> > '<Computer Name>' tried to determine its site by looking up its IP
> > address ('<IP Address>') in the Configuration\Sites\Subnets container
> > in the DS. No subnet matched the IP address. Consider adding a
> > subnet object for this IP address.
> >
> > The only problem was that in some cases, the computers mentioned in
> > the events were authenticating to another forest. There is a 2-way
> > trust between Forest A and Forest B. The user and computer are both
> > in Forest A, with only resources in Forest B (a migration is
> > underway).
> >
> > My understanding of unmapped subnets is that DNS will give you a
> > random list of DCs and you'll query them to find your optimal site.
> > If your IP Address is unmapped, you'll use whichever DC replies first.
> > But you'll also re-query AD every 15 minutes until your IP Subnet is
> > defined and you are using AD optimally.
> >
> > Now if a computer is authenticating to Forest A and then only
> > accessing resources in Forest B, why would he post 5778 events just
> > because his IP Subnet from Forest A isn't also defined in Forest B?
> > This seems wrong to me, somehow. But I thought I'd ask the experts on
> > this alias to see if you had any thoughts.
> >
> > Thanks in advance for your thoughts and help.
> >
> > Scott
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
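
Added example, not part of the original thread: a Python sketch of the check the 5778 description and the "correct site and subnet mappings across both (all) forests" suggestion imply. It parses 5778 descriptions and reports which forest lacks a subnet object for each client, using the most specific matching subnet. Forest names, subnets, computer names, site names and function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data (documentation address ranges), not from the thread.
FOREST_SUBNETS = {
    "ForestA": {"192.0.2.0/24": "A-HQ", "198.51.100.0/25": "A-Branch"},
    "ForestB": {"192.0.2.0/24": "B-HQ"},
}
# Constructed 5778 descriptions as logged by a Forest B domain controller.
TAIL = r" in the Configuration\Sites\Subnets container in the DS."
EVENTS = [
    "'WKS01' tried to determine its site by looking up its IP address ('198.51.100.20')" + TAIL,
    "'WKS02' tried to determine its site by looking up its IP address ('203.0.113.7')" + TAIL,
    "unrelated NETLOGON text without an IP address",
]
EVENT_RE = re.compile(r"'([^']+)' tried to determine its site by looking up its IP\s+address \('([^']+)'\)")

def parse_5778(description):
    """Return (computer, ip) from a 5778 description, or None for other text."""
    m = EVENT_RE.search(description)
    return (m.group(1), ipaddress.ip_address(m.group(2))) if m else None

def site_for(ip, subnets):
    """Site of the most specific subnet object containing ip, or None."""
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def coverage(events, forests):
    """For each client named in the events, the site each forest would assign."""
    report = {}
    for description in events:
        parsed = parse_5778(description)
        if parsed:
            host, ip = parsed
            report[host] = {f: site_for(ip, s) for f, s in forests.items()}
    return report

def missing_mappings(report):
    """Sorted (computer, forest) pairs for which no subnet object matches."""
    return sorted((h, f) for h, sites in report.items() for f, s in sites.items() if s is None)

if __name__ == "__main__":
    for host, forest in missing_mappings(coverage(EVENTS, FOREST_SUBNETS)):
        print(f"{host}: no subnet object in {forest}")
```

In a real environment the per-forest subnet lists would be exported from each forest's Configuration\Sites\Subnets container rather than typed in.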
