
do you need to define an AD Site if there is no DC in that site?


  • do you need to define an AD Site if there is no DC in that site?

    Referring to the MS article here:

    I note that defining AD sites assists with Replication, Authentication, and Active Directory-enabled services.

    If, for example, you have a geographically separate branch office (connected by a high bandwidth WAN link 10MB) that also has its own unique IP subnet in the corporate network, and that office is very small in terms of users (<5 users) and the only equipment onsite is the users' PCs (i.e. no other servers onsite) - then is it better off in a design philosophy to NOT define that AD site in AD Sites and Services?

    I.e. my understanding is that when the workstations attempt to log into the domain, the DNS server responds to the workstation by assigning it a Domain Controller to register to. It is the DNS server which determines which DC the workstation should register to - and it does this by determining the lowest cost path from the workstation to its nearest DC. Assuming this is done for AD via the sites and site-links defined in AD Sites and Services... if there is no site for this branch office, then how does the DNS server know which is the lowest-cost DC to this workstation?

    Is this correct?

    Or should I define the branch office in AD Sites and Services anyway, regardless that there is no DC onsite?

    Last edited by quachb76; 23rd January 2013, 00:43.

  • #2
    Re: do you need to define an AD Site if there is no DC in that site?

    Sites are used to hold DCs and to help clients use a local DC based on subnet. No DCs so no need for sites (although I tend to create one in case I add DCs in the future).

    If there is no local DC, there is information (weighting and cost IIRC) in the SRV records that will help a client locate an appropriate DC, but from experience it is more a case of "which DC responds quicker". If the DC is out of site, does it really matter?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: do you need to define an AD Site if there is no DC in that site?

      In your specific case, you do not need to create a new AD site, but you should define the subnet in Sites and Services and assign the subnet to your primary office AD site.

      As for location of the DCs, DNS is a passive infrastructure - it does not make any decision for the client; it is an information store of various records that the client uses to locate DCs (among other things). The exact process of locating a DC is outlined here:
      Bottom line: if the client's subnet is not defined in AD, the client might end up authenticating/using a random DC from its domain.
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"
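
The subnet-to-site lookup that reply #3 relies on, as an added example that is not part of the original thread: a client IP is matched against the subnet objects defined in AD Sites and Services, the most specific subnet wins, and an address that matches nothing has no site. The subnets, site names and client names below are constructed for illustration.

```python
import ipaddress

# Constructed sample data: subnet objects as they might be defined in
# AD Sites and Services, each assigned to a site (all names hypothetical).
SUBNET_TO_SITE = {
    "10.0.0.0/16": "HeadOffice",
    "10.0.50.0/24": "HeadOffice",   # small branch subnet assigned to the main site
    "10.0.60.0/24": "Datacenter",   # more specific than the /16, so it wins
}

def build_table(subnet_to_site):
    """Parse the CIDR strings once; strict=True rejects entries with host bits set."""
    return [(ipaddress.ip_network(cidr, strict=True), site)
            for cidr, site in subnet_to_site.items()]

def site_for(ip, table):
    """Return (site, subnet) for the most specific subnet containing ip,
    or (None, None) when no defined subnet covers the address."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, site) for net, site in table
               if net.version == addr.version and addr in net]
    if not matches:
        return None, None
    net, site = max(matches, key=lambda m: m[0].prefixlen)
    return site, str(net)

def audit(clients, table):
    """Split clients into those that resolve to a site and those that do not."""
    mapped, unmapped = {}, []
    for name, ip in clients.items():
        site, _ = site_for(ip, table)
        if site is None:
            unmapped.append(name)
        else:
            mapped[name] = site
    return mapped, sorted(unmapped)

if __name__ == "__main__":
    table = build_table(SUBNET_TO_SITE)
    clients = {"BR-PC01": "10.0.50.17", "BR-PC02": "192.168.7.4"}  # constructed
    mapped, unmapped = audit(clients, table)
    print("mapped:", mapped)
    print("no site (may end up on any DC in the domain):", unmapped)
```

Running an inventory of client addresses through a check like this shows which subnets still need to be defined and assigned to a site.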