Hey everyone! I'm having a bit of a headache with my Active Directory setup and could use some help. We've got two main sites: one is our datacenter on the 192.168.19.0/24 subnet, which has multiple Domain Controllers, a File Server, and other resources. The second site for our office uses DHCP and is on the 192.168.20.0/24 subnet, connected to the datacenter via dark fiber, but it has no servers. There's also a 192.168.100.0/24 subnet for a remote office in Africa with its own Domain Controller and a Fortigate. The trouble is, clients at our head office sometimes end up contacting the Domain Controller in Africa instead of the local one in the datacenter, and this introduces latency issues that can even crash their computers on the first connection to our file shares (company.local). Most times, when I ping company.local, they randomly connect to various Domain Controllers, including the one in Africa. I've double-checked that AD Sites and Services are configured correctly and all the subnets are in the right places. What am I missing here?
5 Answers
Consider adjusting your DFS referral settings. Ensuring you're using 'client site' targeting can help direct the traffic appropriately. Also, review your DNS round-robin setup, as having multiple A records for your domain name may lead to random DC selections when clients query. You might want to disable DNS round-robin to have a more controlled selection.
It sounds like the core issue could be more related to your DFS configuration rather than DNS. Confirm that both DFS servers in your setup are configured correctly to manage the namespace. If you're missing a namespace server in the datacenter, that might lead to these complications.
You might want to check if your clients are correctly associated with an AD site based on their subnet. Sometimes, if the subnet settings don't line up (I noticed your segments don't seem to fit a /23 or /22 structure), clients might think they're outside their expected site and connect to any available Domain Controller, like the one in Africa. This can cause the kind of issues you're facing!
It might also be a good idea to remove the Africa DC from the client's DNS settings in the HQ office. This could help prevent any accidental connections to it during initial client lookups.
Remember, when you ping company.local, it doesn’t actually use AD site settings to determine which DC to contact. Make sure your site links are correctly configured, as that can also impact how Domain Controllers are chosen.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures