There are several ways... If clients from a certain subnet connect to AD, the DC that services the client will register an event ID (5807) stating what is shown in http://www.eventid.net/display.asp?eventid=5807&eventno=4298&source=NETLOGON&phase=1

The following solutions come to mind in a hub-and-spoke topology:

(1) Creating a catch-all subnet and linking it to the site for the HUB location

Creating a broader subnet definition in AD to catch all clients that are in subnets that have not yet been defined in AD.

E.g.

HUB has subnets and the subnets are defined in AD:
10.1.1.0/24
10.1.2.0/24
10.1.3.0/24
Available DCs in HUB will service the clients.

BRANCH1 has subnets and the subnets are defined in AD:
10.1.4.0/24
10.1.5.0/24
10.1.6.0/24
Available DCs in BRANCH1 will service the clients.

BRANCH2 has subnets and the subnets are NOT YET defined in AD:
10.1.7.0/24
10.1.8.0/24
10.1.9.0/24
One of the DCs in the domain (impossible to determine which if all registered the domain specific service records, which is the default) will service the clients in those subnets.

Define in AD a subnet 10.1.0.0/16 and link that to the HUB location. Because 10.1.7.0/24, 10.1.8.0/24 and 10.1.9.0/24 are part of the subnet 10.1.0.0/16, the DCs in the HUB will service the clients.

Remember that this also applies to DCs if they are located in one of the three subnets! Those DCs will register their records in the HUB site (in AD and DNS). If at a later moment (after implementing the DCs) the site and subnets are defined in AD for BRANCH2, you'll have to clean the SRV RRs for the DCs in the BRANCH2 location that were registered in the HUB site!!! As I always say: "always check all prerequisites for the DCs (site, subnets, GPO configs, etc) that are additionally implemented!"

However, with this configuration, if all DCs at a location are unavailable, the client will ask for all DCs in the domain (the ones that have registered the domain specific SRV RRs, which is the default for all DCs) and will use one of the DCs on that list, which is randomly generated!

(2) Tweaking DNS SRV RRs of the DCs

If you are using W2K3 (if you are using W2K you can create an ADM yourself and tattoo the registry of the DC) you could use GPOs to configure the setting "Administrative Templates\System\Net Logon\DC Locator DNS Records\DC Locator DNS records not registered by the DCs" for DCs at branch offices NOT to register DOMAIN SPECIFIC SRV RRs and allow only registration of the site-specific records. The DCs at the HUB location(s) are configured with the default setting (registration of the domain- and site-specific SRV RRs). This way, when a client connects to AD from a subnet that has not yet been defined in AD, it will be serviced by the DCs in the HUB location(s). The DC that serviced the client will still register event ID 5807 (which is not the case in (1)).

(3) Creating a catch-all subnet and linking it to the site for the HUB location AND Tweaking DNS SRV RRs of the DCs

See above for explanations.
PROs: no event ID 5807 is registered in the DCs and when DCs are down the HUB DCs will be used (if both are requirements!)

Cheers,
#JORGE#

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC
Sent: Wednesday, May 11, 2005 03:14
To: [email protected]
Subject: RE: [ActiveDir] Site/Subnet Management

I have seen similar to what he is seeing. Basically I believe he is having the same issue. Because of growth and change, the Subnets at local and remote sites are fluctuating, where occasionally a system is connecting to the network on a subnet that is not defined within AD to be a part of this site or another site. So basically the system then queries to find out what site it is in and could possibly talk to a DC that is in another site, which of course isn't good. I would be interested in knowing better ways, if any, to ensure first that my subnets are set up with the right sites and, if not, to easily update them.

Jeff

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose
Sent: Tuesday, May 10, 2005 8:52 PM
To: [email protected]
Subject: RE: [ActiveDir] Site/Subnet Management

Hi Brian,

I was at Robert Half International working on their deployment of 400 2003 AD controllers to their remote offices worldwide a few months back and have not seen the problems that you have. I am assuming that your locations currently run an NT 4 BDC and your Active Directory domain is in mixed mode? Have you created separate sites in AD and defined the cost for each site? Can I also ask what type of clients (Windows 98, NT4, 2000, Mac, XP) you're running?

Regards,
Jose Medeiros

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brian Desmond
Sent: Tuesday, May 10, 2005 5:44 PM
To: [email protected]
Subject: [ActiveDir] Site/Subnet Management

Hi all,

Wondering what strategies you all use for managing sites & subnets in your AD environment. Mine is fluid in this regard. There are roughly 650 physical locations with 2 subnets per. The number of locations is fluctuating in terms of add/drop. Currently we have just a small handful of AD sites, and save for a couple dozen subnets, they all go in one big happy site. We're moving towards putting DCs at remote locations and thus they're going to start getting their own sites.

The current system is fairly manual - I start seeing netlogon warnings about # of no site connections, email the WAN guy and get his subnet/location spreadsheet, and then I mangle it a bit into a CSV. I delete all the existing subnets. Run my VBScript which recreates them all according to the CSV.

This is all well and good I guess but it's an annoying system. Anybody got anything better?

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
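
Added example, not part of any message in this thread: a Python sketch of the catch-all behaviour described in option (1), using the thread's subnets. It assumes the most specific (longest-prefix) subnet decides the site; the host inventory, the host names and the /24 grouping of uncovered addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Subnet-to-site links from the thread: HUB and BRANCH1 defined, BRANCH2 not yet.
DEFINED = {
    "10.1.1.0/24": "HUB", "10.1.2.0/24": "HUB", "10.1.3.0/24": "HUB",
    "10.1.4.0/24": "BRANCH1", "10.1.5.0/24": "BRANCH1", "10.1.6.0/24": "BRANCH1",
}
CATCH_ALL = {"10.1.0.0/16": "HUB"}  # option (1): broad subnet linked to the HUB site

# Constructed inventory: (host, ip, physical location, is_dc)
HOSTS = [
    ("ws-hub-01", "10.1.2.40", "HUB", False),
    ("ws-br1-07", "10.1.5.12", "BRANCH1", False),
    ("ws-br2-03", "10.1.7.23", "BRANCH2", False),
    ("ws-br2-09", "10.1.7.88", "BRANCH2", False),
    ("dc-br2-01", "10.1.8.10", "BRANCH2", True),
    ("ws-lab-01", "192.168.50.5", "LAB", False),
]

def site_for(ip, subnets):
    """Most specific (longest-prefix) subnet wins; None if no subnet contains ip."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(c), s) for c, s in subnets.items()
            if addr in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def audit(hosts, defined, catch_all):
    """Report hosts with no site, DCs landing in another site, and missing /24s."""
    combined = {**defined, **catch_all}
    report = {"no_site": [], "misplaced_dcs": [], "missing_subnets": defaultdict(set)}
    for name, ip, location, is_dc in hosts:
        if site_for(ip, defined) is not None:
            continue  # covered by a specific subnet definition
        # /24 granularity is an assumption taken from the thread's examples
        net24 = str(ipaddress.ip_network(f"{ip}/24", strict=False))
        report["missing_subnets"][net24].add(location)
        site = site_for(ip, combined)
        if site is None:
            report["no_site"].append(name)  # outside every subnet: the event ID 5807 case
        elif is_dc and site != location:
            report["misplaced_dcs"].append((name, site))  # SRV RRs need cleanup later
    return report

if __name__ == "__main__":
    r = audit(HOSTS, DEFINED, CATCH_ALL)
    print("No site even with catch-all:", r["no_site"])
    print("DCs registering in another site:", r["misplaced_dcs"])
    print("Subnets still to define:", {k: sorted(v) for k, v in r["missing_subnets"].items()})
```

The `missing_subnets` output is the list to reconcile against the network team's subnet/location spreadsheet before creating site-specific definitions.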
