Client communication with remote domain controller - Best Practice?

Charlie Caldwell 6 Reputation points
2020-11-05T15:18:52.803+00:00

We have several remote sites all on a single domain. Through firewall policies, clients can not communicate with clients at other locations. We do allow DC's to talk to each other. One situation I realized is happening today is Clients can sometimes not ping domainname.com because DNS gives them a DC outside of the site which they can't communicate with. I'm assuming that this would also affect group policy as the client can not reach the sysvol on the remote DC.

What is the best practice for clients at remote sites? should all clients in the domain be able to communicate with all DC's in the domain? My google-fu was weak on this one and couldn't find any documentation on this specific topic.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,524 questions
Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,039 questions
Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
544 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Thameur-BOURBITA 32,981 Reputation points
    2020-11-05T22:32:12.157+00:00

    Hi,

    The best practice is to align the active directory topology with your network topology. I recommend you to to perform the following actions through the console "sites and services active directory":

    • Create a active directory site for each remote site
    • Move the closest domain controller on active directory site
    • Create a subnet for each remote physical site and assign it to the active directory site where there is the closest domain controller

    Once you complete those steps, the client will find the closest domain controller based on active directory topology via dclocator process.

    active-directory-replication-concepts

    Please don't forget to mark this reply as answer if it help you to fix your issue

    0 comments
  2. Vicky Wang 2,731 Reputation points
    2020-11-09T07:45:41.293+00:00

    Hi,

    Welcome to share your current situation if there are any updates.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Vicky

    0 comments
  3. Charlie Caldwell 6 Reputation points
    2020-11-09T13:23:24.537+00:00

    Thank you for your comment. However, the suggestion you provided is not correct for this situation. Finding the closest DC via the dclocator process for authentication purposes is not the same as pinging the domain name and getting a response. Ping is not site-aware... when a request is made to the DNS server to resolve domainname.com a random DC in the network is presented in more like a round-robin fashion. Because of our network firewalls many DC's do not respond to ping.

    The reason I see our current configuration as an issue is if lets say I wanted to deploy a GPO script or shortcut and the location of these is \domainname.com\NETLOGON... If the domainname.com doesn't resolve via DNS to a local DC then the client can not get the file. I hope this more clearly explains what I am asking.

    Should all clients in the domain be able to communicate with all DC's in the domain?

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.