I'm facing a strange issue where some computers in my Main Office seem to be authenticating and pulling group policy information from the Branch Office's domain controller (BO-DC1) instead of the Main Office's domain controller (MO-DC1). Both offices are connected via a site-to-site VPN, and this came to light after a recent Active Directory change for a user at the Main Office that wasn't replicated to the Branch Office DC in time. I'm not sure how to troubleshoot this problem or where to look for solutions. Any advice would be greatly appreciated!
4 Answers
You might want to run a DCDiag on your MO-DC1 just to check that it's healthy. If everything passes, double-check that your site and services IP mapping is correct.
Also, consider verifying if the BO-DC1 is actually set up as a full domain controller. Sometimes, branch office machines are mistakenly configured as Read-Only Domain Controllers (RODC), which can lead to these kinds of issues.
I remember a similar situation happening a while back when we had a domain controller over a two-way satellite connection that was being used for authentication instead of the local one. Unfortunately, I can't recall the fix, but it highlights the importance of ensuring that local devices connect to the nearest domain controller.
It sounds like a misconfiguration in Active Directory Sites and Services. Make sure each location is defined as its own site and that the right subnets are configured for each site. This way, systems should authenticate with their local domain controllers by default unless they can't reach them.
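A way to run the checks suggested in the answers above (RODC status, subnet-to-site mapping, and which DC a client actually uses), as an added example that is not part of any answer. It assumes the ActiveDirectory RSAT module is installed; the client IP address is a constructed placeholder and `Find-ClientSite` is a hypothetical helper name.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory
# RSAT module; the IP address used below is a constructed placeholder.
Import-Module ActiveDirectory

# Every DC with its site and RODC status (IsReadOnly = True means RODC).
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IPv4Address, IsReadOnly |
    Format-Table -AutoSize

# Render an IPv4 address as a 32-character bit string for prefix comparison.
function ConvertTo-BitString([string]$Address) {
    -join (([ipaddress]$Address).GetAddressBytes() |
        ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') })
}

# Return the most specific IPv4 subnet object (and its site) that covers
# $ClientIp. Subnet objects are what tie a client address to an AD site.
function Find-ClientSite([string]$ClientIp) {
    $clientBits = ConvertTo-BitString $ClientIp
    Get-ADReplicationSubnet -Filter * |
        Where-Object { $_.Name -notmatch ':' } |      # skip IPv6 subnets
        ForEach-Object {
            $net, $len = $_.Name -split '/'
            $len = [int]$len
            $netBits = ConvertTo-BitString $net
            if ($clientBits.Substring(0, $len) -eq $netBits.Substring(0, $len)) {
                [pscustomobject]@{
                    Subnet = $_.Name
                    Prefix = $len
                    Site   = ($_.Site -split ',')[0] -replace '^CN='
                }
            }
        } |
        Sort-Object Prefix -Descending |
        Select-Object -First 1
}

$match = Find-ClientSite '10.10.5.23'   # constructed Main Office client address
if ($match) { $match | Format-List }
else { Write-Warning 'No subnet object covers this address; the client has no site mapping.' }

# On the affected client itself: the site it believes it is in, the DC the
# locator returns, and the DC that handled the current logon.
nltest /dsgetsite
nltest "/dsgetdc:$($env:USERDNSDOMAIN)"
$env:LOGONSERVER
```

If the warning fires, or the reported site is the Branch Office site for a Main Office address, the subnet objects in Active Directory Sites and Services are the place to correct.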