Sunday, July 20, 2008

AD site discovery

This post covers the scenario where, in an Active Directory forest with a single site, that site is always returned as the client site even if the client's subnet isn't recorded in AD. This isn't necessarily the intuitive result, and I couldn't easily find it documented anywhere by Microsoft, hence the testing below.

The theory is that because there is only a single site in AD, all clients belong to that site by default regardless of IP subnet. The converse also holds: if there is more than one site in the directory, then without a matching IP subnet object a client is unable to determine its site.

To prove this theory, I created a site in a 2003 AD lab and ran some tests:
  1. As soon as more than one site exists in the directory, if a workstation’s IP address is not part of a known subnet linked to a site, ‘null’ is returned when querying the site the client belongs to.
  2. If only a single site exists, with or without subnets in AD, the client returns the first and only site as its current workstation site.

Notes:

  1. In the first test where the site could not be determined, the netlogon locator was still able to find and use a DC, but in a distributed environment it would more than likely not be the closest DC.
  2. This would almost certainly cause issues with SMS using AD site boundaries. As soon as a second site was added, any workstations in subnets that were not in AD would stop working as SMS clients.

Test process:

  1. Created a second site in the lab; two sites now exist, with no subnets defined
  2. Waited a minute or so; from an XP workstation, 'nltest /dsgetdc:domain' still returns ‘Our Site’ of Default-First-Site-Name
  3. Restarted netlogon on the XP workstation, same result
  4. Restarted the workstation
  5. Enabled netlogon debug logging: nltest /dbflag:0x2080ffff
  6. net stop netlogon & net start netlogon
  7. Checked netlogon.log and the nltest output: the site name is null and nltest omits ‘Our Site’ from the output:
    
    find /i "site" c:\windows\debug\netlogon.log
    ---------- C:\WINDOWS\DEBUG\NETLOGON.LOG
    07/14 09:56:35 [SITE] Setting site name to '(null)'
    07/14 09:56:38 [INIT] SiteName (0) = (null)
    07/14 09:56:38 [INIT] CloseSiteTimeout = 900 (0x384)
    07/14 09:56:38 [INIT] SiteNameTimeout = 300 (0x12c)
    07/14 09:56:38 [INIT] AutoSiteCoverage = TRUE
    07/14 09:56:38 [SITE] Setting site name to '(null)'
    
    C:\Program Files\Support Tools>nltest /dsgetdc:domain
    DC: \\TESTAD1
    Address: \\192.168.10.10
    Dom Guid: 3aa9ef9a-f1b4-4ce4-a85b-823b259c4919
    Dom Name: domain
    Forest Name: domain.local
    Dc Site Name: Default-First-Site-Name
    Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_FOREST
    
  8. Deleted the second site
  9. Rebooted the XP workstation and checked netlogon.log and nltest again:
    
    find /i "site" c:\windows\debug\netlogon.log
    07/14 10:01:43 [SITE] Setting site name to '(null)'
    07/14 10:01:43 [SITE] Setting site name to 'Default-First-Site-Name'
    07/14 10:01:43 [INIT] SiteName (0) = Default-First-Site-Name
    
    C:\>nltest /dsgetdc:domain
    DC: \\TESTAD1
    Address: \\192.168.0.10
    Dom Guid: 3aa9ef9a-f1b4-4ce4-a85b-823b259c4919
    Dom Name: domain
    Forest Name: domain.local
    Dc Site Name: Default-First-Site-Name
    Our Site Name: Default-First-Site-Name
    Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_FOREST CLOSE_SITE
    The command completed successfully
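The two log excerpts above are the signals an administrator would watch for: a netlogon.log that settles on '(null)' and an nltest output with no 'Our Site Name' line and no CLOSE_SITE flag. The script below is an added example (not from the original post) that turns those signals into a small health check: it parses the netlogon.log line shapes and the nltest /dsgetdc output shown in this post and reports whether the client actually determined its site. The sample log and nltest text embedded in it are constructed to mirror the post's two scenarios, not captured from a live domain; the function names are my own.

```python
"""Check whether a Windows client determined its AD site, from the
netlogon.log and 'nltest /dsgetdc' output formats shown in the post.

The sample data below is constructed to mirror the post's two test runs.
"""
import re
from typing import Optional

# netlogon.log line shapes from the post, e.g.
#   07/14 09:56:35 [SITE] Setting site name to '(null)'
#   07/14 09:56:38 [INIT] SiteName (0) = (null)
SITE_SET_RE = re.compile(r"\[SITE\] Setting site name to '(?P<site>[^']*)'")
SITE_INIT_RE = re.compile(r"\[INIT\] SiteName \(\d+\) = (?P<site>\S+)")
NULL_SITE = "(null)"


def effective_site(netlogon_log: str) -> Optional[str]:
    """Return the last site name netlogon settled on, or None for '(null)'."""
    site: Optional[str] = None
    for line in netlogon_log.splitlines():
        m = SITE_SET_RE.search(line) or SITE_INIT_RE.search(line)
        if m:
            value = m.group("site")
            site = None if value == NULL_SITE else value
    return site


def parse_dsgetdc(output: str) -> dict:
    """Parse 'nltest /dsgetdc:<domain>' output into a dict.

    'Flags' becomes a set of tokens; the prompt line and the trailing
    'The command completed successfully' status line are skipped.
    """
    fields: dict = {}
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("The command") or ">nltest" in line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        fields[key] = set(value.split()) if key == "Flags" else value
    return fields


def client_site_status(netlogon_log: str, dsgetdc_output: str) -> dict:
    """Combine both sources into a small health record for the client."""
    info = parse_dsgetdc(dsgetdc_output)
    site = effective_site(netlogon_log)
    return {
        "dc": info.get("DC"),
        "dc_site": info.get("Dc Site Name"),
        "client_site": site,
        # The site counts as known only when netlogon stored a real name
        # and nltest echoed the same name back as 'Our Site Name'.
        "site_known": site is not None and info.get("Our Site Name") == site,
        "close_site": "CLOSE_SITE" in info.get("Flags", set()),
    }


# Constructed sample: two sites exist, client subnet not in AD (post's step 7).
TWO_SITES_LOG = r"""
07/14 09:56:35 [SITE] Setting site name to '(null)'
07/14 09:56:38 [INIT] SiteName (0) = (null)
07/14 09:56:38 [INIT] AutoSiteCoverage = TRUE
07/14 09:56:38 [SITE] Setting site name to '(null)'
"""
TWO_SITES_NLTEST = r"""
C:\Program Files\Support Tools>nltest /dsgetdc:domain
DC: \\TESTAD1
Address: \\192.168.10.10
Dom Name: domain
Forest Name: domain.local
Dc Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_FOREST
"""

# Constructed sample: single site, client falls back to it (post's step 9).
ONE_SITE_LOG = r"""
07/14 10:01:43 [SITE] Setting site name to '(null)'
07/14 10:01:43 [SITE] Setting site name to 'Default-First-Site-Name'
07/14 10:01:43 [INIT] SiteName (0) = Default-First-Site-Name
"""
ONE_SITE_NLTEST = r"""
C:\>nltest /dsgetdc:domain
DC: \\TESTAD1
Address: \\192.168.0.10
Dom Name: domain
Forest Name: domain.local
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_FOREST CLOSE_SITE
The command completed successfully
"""

if __name__ == "__main__":
    for label, log, out in (("two sites, no subnet", TWO_SITES_LOG, TWO_SITES_NLTEST),
                            ("single site", ONE_SITE_LOG, ONE_SITE_NLTEST)):
        print(label, client_site_status(log, out))
```

In a real environment the inputs would be the text of c:\windows\debug\netlogon.log (after enabling the debug flag as in step 5) and the captured output of nltest; a client that reports site_known False in a multi-site directory is the case the notes above warn about, since it has found a DC but not necessarily a close one.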
    


Wayne's World of IT (WWoIT), Copyright 2008 Wayne Martin.
