Active Directory - Sites & Services

[xPETEZx]

Hey Guys,

 

I am having a slight problem with AD Sites & Services config.

I thought I understood it, but apparently not.

 

I have 3 sites:

 

A  - Has 2 DC's and is main site

B - Has 1 DC

C - Currently has no DC

 

Each site is configured in AD S&S. And the correct subnet is added. I have the DCs all showing in the right sites.

 

I deleted the default site link, and created 2 of my own:

A to B

A to C

 

Both as the name suggests have just site A and the remote site.

 

Reason is there is no IP route between sites B & C. And I do not want there to be.

So subnet C cant route to B. At all. either direct, or through A. And thats the point.

 

Now I though with my 2 site links that was clear. 

 

However I am trying to join a machine to the domain in site C (which does not yet have a DC) and when I ping the domain name, I am getting back the IP of DC @ site B!

Why is that happening?

 

As such the domain join fails, as the machine cant talk to that DC. In DNS it currently has the 2 DCs at site A set.

 

Appreciate the help!

 

 

[ShadowPeo]

It will be DNS that is doing it.

 

If you look at DNS you will see an entry for each DC with the DNS name of "(same as parent folder)" these entries are what the DJOIN function uses to locate a domain controller to do the domain join. Remove the entry for the site B for instance, and you will get only the site A IP as a possible location.

 

Without having a local DNS server on site C that you can use as a primary over the site A one, there is not much you can do

 

S&S controls replication links not DNS entries and limitations, or not to the best of my knowledge anyway and I certainly have never used it in such a manner.

[xPETEZx]

Thanks.

 

I did think DNS just after posting.

 

If I remove the DNS entry for site B, wont that mean PCs at site by also cant use the local DC there to join?

 

Ideally I want only the PCs at site B to use the site B DC for anything.

[ShadowPeo]

Correct.

 

I do not know if there is a way to limit the resolution of that address on the DNS to a particular subnet, to my knowledge there isn't but I have never been put into a situation where I have needed to.. I am assuming here that the site b DC is also local DHCP for that site, thereby you can use that to set primary and secondary DNS. the only thing I can think of is finding a way to stop that paticular record from syncing and then remove it on site a, and leaving it on site b.

 

But I do not know if that is possible, as that kind of defeats the whole idea.

 

As I said, see if there is a way to filter the DNS records available as a valid response to a subnet, that is the best I can come up with