cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Authenticating users without local DC

charlie4872
Brass Contributor

‎Jun 01 2021 07:38 AM

‎Jun 01 2021 07:38 AM

Authenticating users without local DC

Hello All. We are looking to setup a few smaller sites with no DC in those sites. My question is, to point those users in those smaller sites to authenticate to a DC in one of our datacenters would I create the subnet for each of the smaller sites and associate that subnet with the datacenter site where the DC lives OR would I create a new site for for each of the smaller locations and create a site link to the datacenter site where the DC lives? I was under the impression that creating site links would only be for sites that have a DC and facilitate replication and not for pointing users to a DC. I have been researching this and am confused on what I am reading. Any help is greatly appreciated.

Thanks!

2,188 Views
1 Like
4 Replies
Reply
4 Replies
Dave Patrick

‎Jun 01 2021 08:27 AM

‎Jun 01 2021 08:27 AM

Re: Authenticating users without local DC

Some general info here.

Best practices for Active Directory Sites and Services | Microsoft Docs

Sites that do not have their own domain controllers and at least one global catalog are dependent on other sites for directory information, making the utilization of network bandwidth between sites less efficient.

   

Domain Controller Location Process | Microsoft Docs

 

 

0 Likes
Reply
Seshadrr

‎Jun 02 2021 08:05 AM

‎Jun 02 2021 08:05 AM

Re: Authenticating users without local DC

Please create a site and associate the necessary subnet for site-Subnet mapping and followed by for DC-Less sites, please update the DNS Site LDAP priority and those Scopes based DNS option to target the data center for proximity authentication.
0 Likes
Reply
charlie4872

‎Jun 02 2021 09:34 AM

‎Jun 02 2021 09:34 AM

Re: Authenticating users without local DC

@Seshadrr Thanks for the response. Are you referring to changing these DNS records under "Sites" in DNS and pointing the records to the DC's in the datacenter?

charlie4872_0-1622651657092.png

 

0 Likes
Reply
Seshadrr

‎Jun 03 2021 12:04 AM

‎Jun 03 2021 12:04 AM

Re: Authenticating users without local DC

If you need proximity for the data center, which can be stunned via LDAP priority set to Datacenter DC or your site's clients Ipaddress leased by DHCP, then use the DNS server option as Datacenter get immediate DNS resolution in that way the proximity auth will be nearest.
0 Likes
Reply