charlie4872
Brass Contributor
Jun 01, 2021

Authenticating users without local DC

Hello All. We are looking to set up a few smaller sites with no DC in those sites. My question is, to point those users in those smaller sites to authenticate to a DC in one of our datacenters, would I create the subnet for each of the smaller sites and associate that subnet with the datacenter site where the DC lives, OR would I create a new site for each of the smaller locations and create a site link to the datacenter site where the DC lives? I was under the impression that creating site links would only be for sites that have a DC and facilitate replication, and not for pointing users to a DC. I have been researching this and am confused on what I am reading. Any help is greatly appreciated.

Thanks!

  • Seshadrr
    Iron Contributor
    Please create a site and associate the necessary subnet for site-subnet mapping. Then, for DC-less sites, please update the DNS site LDAP priority and the scope-based DNS option to target the data center for proximity authentication.
    • charlie4872
      Brass Contributor

      Seshadrr Thanks for the response. Are you referring to changing these DNS records under "Sites" in DNS and pointing the records to the DCs in the datacenter?

      • Seshadrr
        Iron Contributor
        If you need proximity for the data center, which can be tuned via LDAP priority set to the Datacenter DC or your site's clients' IP address leased by DHCP, then use the DNS server option as Datacenter to get immediate DNS resolution; that way the proximity auth will be nearest.
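
The site-and-subnet approach from the first reply, sketched in PowerShell as an added example that is not from the thread's participants. It assumes the ActiveDirectory RSAT module and an existing site named `Datacenter` that holds the DCs; the branch site name, subnet, link name, cost and interval are constructed placeholders. With automatic site coverage left at its default, DCs in the lowest-cost linked site register SRV records for the DC-less site, which steps 4 and 5 check.

```powershell
# Added example. Site name, subnet, link cost and interval are placeholders.
Import-Module ActiveDirectory

$BranchSite     = 'Branch01'        # hypothetical DC-less site
$BranchSubnet   = '10.20.30.0/24'   # hypothetical branch client subnet
$DatacenterSite = 'Datacenter'      # assumed existing site containing the DCs
$DomainDns      = (Get-ADDomain).DNSRoot

# 1. Create the DC-less site and map the branch subnet to it.
New-ADReplicationSite   -Name $BranchSite
New-ADReplicationSubnet -Name $BranchSubnet -Site $BranchSite

# 2. Link the branch site to the datacenter site. For a site with no DC
#    the link carries no replication traffic; its cost is what site
#    coverage uses to decide which site's DCs serve the branch.
New-ADReplicationSiteLink -Name "${BranchSite}-${DatacenterSite}" `
    -SitesIncluded $BranchSite, $DatacenterSite `
    -Cost 100 -ReplicationFrequencyInMinutes 180 `
    -InterSiteTransportProtocol IP

# 3. Confirm the subnet-to-site mapping.
Get-ADReplicationSubnet -Filter "Name -eq '$BranchSubnet'" |
    Select-Object Name, Site

# 4. After AD and DNS replication, the branch site's SRV records should
#    list datacenter DCs (registered by Netlogon through site coverage).
Resolve-DnsName -Type SRV `
    -Name "_ldap._tcp.${BranchSite}._sites.dc._msdcs.${DomainDns}" |
    Select-Object NameTarget, Priority, Weight, Port

# 5. On a client in the branch subnet: which site does it believe it is
#    in, and which DC did the locator pick?
nltest /dsgetsite
nltest "/dsgetdc:$($env:USERDNSDOMAIN)"
```

If step 5 returns a DC outside the datacenter site, check for an overlapping or missing subnet object before touching the SRV records by hand.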
