I would agree that you want to register the subnets in Sites and Services.
If a client attempts to authenticate from a subnet that is not registered, AD has no way to determine what site the client is in. It this case, I believe the client will query DNS for all of the DCs in the domain and then attempt to contact each one in turn. The first one that replies will be used for authentication. If you decide to create an empty site (no DCs)for you subnets, the autosite coverage algorithm will ensure that clients in that site are authenticated with a DC in a nearby site. The DCs in the closest site based on cost will register site-specific SRV records for the empty site. -Mark -----Original Message----- From: Roger Seielstad [mailto:roger.seielstad@;inovis.com] Sent: Thursday, October 24, 2002 9:39 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Sites with no DC > Oh, and this all does assume that YOUR network engineers TELL you when > they put in a whole 'nother group of networks or sub-netted something > that you already had defined. No, really - I'm not bitter.... Glad to know that happens elsewhere, too. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Rick Kingslan [mailto:rkingsla@;cox.net] > Sent: Thursday, October 24, 2002 9:41 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Sites with no DC > > > I'd agree with Roger on this one - unless you don't mind machines in > Pnsacola FL. Authenticating in Reno, NV. If we don't have one of our > subnets defined to some site, we see messages from the > Locator reporting > that some machine at some site with the subnet xx.xx couldn't find an > associated site. It suggests that you might want to create a > subnet for > it. > > If these types of events are rare, or there are a small number of > un-associated machines, or, if you have boatloads of > bandwidth, then it > might not be a problem. > > I'd take chance out of the equation and just create the subnets and > associate them with your hub until you have a clearer idea of what the > traffic pattern should be. > > Oh, and this all does assume that YOUR network engineers TELL you when > they put in a whole 'nother group of networks or sub-netted something > that you already had defined. No, really - I'm not bitter.... > > Rick Kingslan - Microsoft MVP [Windows NT/2000] > Microsoft Certified Trainer > MCSA, MCSE+I - Windows NT / 2000 > > "Any sufficiently advanced technology > is indistinguishable from magic." > --- Arthur C. Clarke > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:ActiveDir-owner@;mail.activedir.org] On Behalf Of > > Roger Seielstad > > Sent: Thursday, October 24, 2002 6:59 AM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] Sites with no DC > > > > > > >From experience, I wouldn't trust the locator to get 'close' very > > >often. > > > > During our initial deployment, the WAN team changed the IP > > pools of our VPN concentrators. After looking through some of > > the logs on domain controllers, we were seeing a very random > > distribution of authentication, with some authentication > > happening 4 WAN hops away, when there were multiple DCs on > > different local subnets. > > > > I'd strongly suggest creating a subnet object for each subnet > > on your network, and associating each of them with a site. > > > > ------------------------------------------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -----Original Message----- > > > From: Garello, Kenneth [mailto:KGarello@;worcester.edu] > > > Sent: Wednesday, October 23, 2002 5:07 PM > > > To: '[EMAIL PROTECTED]' > > > Subject: RE: [ActiveDir] Sites with no DC > > > > > > > > > How much overhead does leaving it up to the locator incur? > > > > > > Ken > > > > > > -----Original Message----- > > > From: Gil Kirkpatrick [mailto:gilk@;netpro.com] > > > Sent: Wednesday, October 23, 2002 4:37 PM > > > To: '[EMAIL PROTECTED]' > > > Subject: RE: [ActiveDir] Sites with no DC > > > > > > Hey Don, > > > > > > Is this your first post to the list? If so, welcome. > > > > > > To answer your question, no you don't have to create a site > > > for each subnet. You can associate multiple subnets with a > > > single site. Or you can leave the subnets unassigned, and the > > > DC locator will do its best to find a DC "close" to the > > > authenticating PC. > > > > > > -gil > > > -----Original Message----- > > > From: Don Murawski (Lenox) > > > [mailto:Don.Murawski@;worldtravel.com] > > > Sent: > > > Wednesday, October 23, 2002 1:02 PM > > > To: [EMAIL PROTECTED] > > > Subject: [ActiveDir] Sites with no DC > > > We have subnets without dc's, do you need to create a > > > site and subnet in Sites and Services anyway for those sites? > > > > > > Don L Murawski > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
